PT-2026-56454 · Adalo No Code App Builder · App Builder

Published

2026-07-08

·

Updated

2026-07-08

·

CVE-2026-10706

None

No severity ratings or metrics are available. When they are, we'll update the corresponding info on the page.
In Adalo’s no-code app builder, (Versions 1 and 2) the attackers may extract full user records and correlate user behavior across multiple applications via dbId enumeration. The platform does not implement data minimization, privacy by design, or implement appropriate technical safeguards, allowing sensitive information to be exposed to unauthorized parties.
Found an issue in the description? Have something to add? Feel free to write us 👾

Related Identifiers

CVE-2026-10706

Affected Products

App Builder