Data Enumeration Vulnerability in Adalo's No-Code App Builder
CVE-2026-10706
Currently unrated
What is CVE-2026-10706?
In Adalo's no-code app builder, versions 1 and 2, a vulnerability allows attackers to enumerate database identifiers (dbIds), potentially leading to the extraction of full user records. This weakness stems from a lack of data minimization and inadequate privacy safeguards, which could expose sensitive user information to unauthorized access across multiple applications.
Affected Version(s)
App Builder 1 <= 2
