CVE-2026-57869

Summary

Broken object-level access controls and the use of a deterministic pattern during random ID generation in MicroRealEstate allows attackers to access documents uploaded by landlords or tenants without authorization.

This issue affects MicroRealEstate: through 1.0.0-alpha3.

Affected Software

VendorProductVersion RangeStatus
MicroRealEstateMicroRealEstate0 <= 1.0.0-alpha3affected

Weaknesses

  • CWE-639: CWE-639 Authorization bypass through User-Controlled key
  • CWE-1241: CWE-1241 Use of predictable algorithm in random number generator

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References