CVE-2026-57869

Broken Access Control in Documents API in Camel Aissani’s MicroRealEstate

Discovered by Jake Cleland on behalf of The Missing Link Security

Vulnerability Details

MicroRealEstate used a deterministic pattern to generate random identifiers for organisations registered to the platform. This greatly reduced the entropy of the identifiers, allowing adversaries to brute-force these IDs to retrieve documents uploaded by any landlord or tenant on the platform.

Affected Versions

Affected Versions:
1.0.0-alpha3 and prior

Fixed Versions

Fixed Versions:

N/A

Latest News