CVE-2026-57870

Broken Access Control in Templates API in Camel Aissani’s MicroRealEstate

Discovered by Jake Cleland on behalf of The Missing Link Security

Vulnerability Details

MicroRealEstate did not validate authorisation on the Templates API, allowing adversaries to retrieve document templates used by any organisation registered on the platform.

Affected Versions

Affected Versions:
1.0.0-alpha3 and prior

Fixed Versions

Fixed Versions:

N/A

Latest News