Broken Access Control Vulnerability in MicroRealEstate by MicroRealEstate
CVE-2026-57870

5.3MEDIUM

Key Information:

Vendor
CVE Published:
7 July 2026

What is CVE-2026-57870?

The MicroRealEstate Template API contains a flaw that enables unauthorized users to access document templates belonging to other organizations. This vulnerability arises from improperly implemented object-level access controls, leaving sensitive data exposed to potential attackers. Users of version 1.0.0-alpha3 are particularly at risk, and it is essential to apply necessary security measures to mitigate any possible breaches.

Affected Version(s)

MicroRealEstate 0 <= 1.0.0-alpha3

References

CVSS V4

Score:
5.3
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
None
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
None

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Jake Cleland
.