CVE-2026-57871

Path Traversal Leading to Arbitrary File Write in Camel Aissani’s MicroRealEstate

Discovered by Jake Cleland on behalf of The Missing Link Security

Vulnerability Details

MicroRealEstate used parameters passed in a URL to determine file paths when writing uploaded files to disk. As a result, adversaries could control parts of the file path to write files to unauthorised directories, potentially overwriting system files and corrupting the platform.

Affected Versions

Affected Versions:
1.0.0-alpha3 and prior

Fixed Versions

Fixed Versions:

N/A

Latest News