Data Enumeration Vulnerability in Adalo's No-Code App Builder
CVE-2026-10706

Currently unrated

Key Information:

Vendor
CVE Published:
8 July 2026

What is CVE-2026-10706?

In Adalo's no-code app builder, versions 1 and 2, a vulnerability allows attackers to enumerate database identifiers (dbIds), potentially leading to the extraction of full user records. This weakness stems from a lack of data minimization and inadequate privacy safeguards, which could expose sensitive user information to unauthorized access across multiple applications.

Affected Version(s)

App Builder 1 <= 2

References

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.