CVE-2026-57868

Broken Access Control in PDF Generator Functionality in Camel Aissani’s MicroRealEstate

Discovered by Jake Cleland on behalf of The Missing Link Security

Vulnerability Details

MicroRealEstate is vulnerable to an insecure direct object reference (IDOR) vulnerability in which tenants can view invoices from any existing user without authorisation. This disclosed personally identifiable information such as full names and addresses of other users as well as specific details about other users' rental terms.

Affected Versions

Affected Versions:
1.0.0-alpha3 and prior

Fixed Versions

Fixed Versions:

N/A

Latest News