CVE-2026-57867
Received Received - Intake

Authentication Bypass in MicroRealEstate via OTP Brute Force

Vulnerability report for CVE-2026-57867, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.

Publication date: 2026-07-07

Last updated on: 2026-07-07

Assigner: The Missing Link Australia (TML)

Description

MicroRealEstate allows adversaries to bypass authentication due to a lack of token state management. This would permit adversaries targeting MicroRealEstate deployments to brute-force One-Time Passwords (OTP) to log in as any user. This issue affects MicroRealEstate: through 1.0.0-alpha3.

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published
2026-07-07
Last Modified
2026-07-07
Generated
2026-07-07
AI Q&A
2026-07-07
EPSS Evaluated
N/A
NVD
EUVD

Affected Vendors & Products

Showing 1 associated CPE
Vendor Product Version / Range
microrealestate microrealestate to 1.0.0-alpha3 (exc)

Helpful Resources

Exploitability

CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-288 The product requires authentication, but the product has an alternate path or channel that does not require authentication.

Attack-Flow Graph

AI Quick Actions

Instant insights powered by AI
Executive Summary

CVE-2026-57867 is a vulnerability in MicroRealEstate's authentication system caused by a lack of token state management. This flaw allows attackers to bypass authentication by brute-forcing One-Time Passwords (OTPs), enabling them to log in as any user without proper authorization.

Impact Analysis

This vulnerability can lead to unauthorized access to user accounts within MicroRealEstate deployments. Attackers exploiting this flaw can gain access to sensitive property and tenant information, manipulate lease and rent data, and potentially disrupt property management operations.

Mitigation Strategies

The vulnerability allows brute-force attacks on One-Time Passwords (OTP) due to lack of token state management, and no fixed versions are currently available.

Immediate mitigation steps include restricting access to the MicroRealEstate client portal, implementing additional rate limiting or account lockout mechanisms to prevent brute-force attempts, and monitoring authentication logs for suspicious activity.

Additionally, consider disabling OTP-based authentication temporarily if possible, or applying network-level controls such as IP whitelisting to limit exposure until a patch or fixed version is released.

Compliance Impact

The vulnerability in MicroRealEstate allows attackers to bypass authentication via brute-forcing One-Time Passwords (OTP), leading to unauthorized access to user accounts.

Such unauthorized access poses significant risks for data breaches and could result in exposure of sensitive personal or tenant information managed within the system.

This security gap may impact compliance with common standards and regulations like GDPR and HIPAA, which require strong access controls and protection of personal data to prevent unauthorized disclosure.

Chat Assistant

Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-57867. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70

EPSS Chart