Broken object-level access control on the Template API in MicroRealEstate allows attackers to retrieve document templates used by other organizations without authorization. This issue affects MicroRealEstate: through 1.0.0-alpha3.CreditsJake ClelandReferenceshttps://github.com/microrealestate/microrealestatehttps://www.themissinglink.com.au/security-advisories/cve-2026-57870