PT-2026-56454 · Adalo No Code App Builder · App Builder
Published
2026-07-08
·
Updated
2026-07-08
·
CVE-2026-10706
None
No severity ratings or metrics are available. When they are, we'll update the corresponding info on the page.
In Adalo’s no-code app builder, (Versions 1 and 2) the attackers may extract full user records and correlate user behavior across multiple applications via dbId enumeration. The platform does not implement data minimization, privacy by design, or implement appropriate technical safeguards, allowing sensitive information to be exposed to unauthorized parties.
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
App Builder