Authentication Bypass in MicroRealEstate Product by MicroRealEstate
CVE-2026-57867

8.8HIGH

Key Information:

Vendor
CVE Published:
7 July 2026

What is CVE-2026-57867?

The MicroRealEstate product exhibits a vulnerability that allows malicious actors to bypass authentication processes due to inadequate management of token states. This flaw enables attackers to utilize brute-force methods against One-Time Passwords (OTP), potentially granting unauthorized access to user accounts. The vulnerability affects all versions of MicroRealEstate up to and including 1.0.0-alpha3, thereby posing significant security risks to users relying on this platform.

Affected Version(s)

MicroRealEstate 0 <= 1.0.0-alpha3

References

CVSS V4

Score:
8.8
Severity:
HIGH
Confidentiality:
High
Integrity:
Low
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
None

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Jake Cleland
.