Broken Access Controls in MicroRealEstate by Missing Link
CVE-2026-57869

7.1HIGH

Key Information:

Vendor
CVE Published:
7 July 2026

What is CVE-2026-57869?

A serious security flaw in MicroRealEstate permits unauthorized users to access sensitive documents uploaded by landlords or tenants. This is due to inadequate object-level access controls and the reliance on deterministic patterns for random ID generation. Consequently, attackers can potentially compromise data privacy and security by exploiting these weaknesses, highlighting the need for urgent remediation.

Affected Version(s)

MicroRealEstate 0 <= 1.0.0-alpha3

References

CVSS V4

Score:
7.1
Severity:
HIGH
Confidentiality:
High
Integrity:
None
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
None

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Jake Cleland
.