CSIRTS // UNIFIED SECURITY ADVISORY FEEDSYS ● ONLINE · POWERED BY INTELFUSIONS.COM

CVE-2026-10708

highCVSS 7.5covered by 1 sourcefirst seen 2026-07-08
This vulnerability enables large‑scale data harvesting without requiring app‑specific secrets. A single request to a minimal leaderboard component may return user records containing emails, UUIDs, and custom fields. The combination of wildcard CORS behavior, long‑lived twenty‑day JWTs, and the absence of token revocation allows attackers to gather sensitive personal information from any Adalo application.

⚡ Watch CVE-2026-10708

Get an email if CVE-2026-10708 is added to CISA KEV, gains public exploit code, or a new advisory cites it — max one per day, one-click unsubscribe.

Exploitation outlook

Advisory coverage (1)

External references

NVD record for CVE-2026-10708

CVE.org record

Embed the live status

CVE-2026-10708 live status badge — this badge updates automatically when the KEV or exploit status changes. How to embed it →

[![CVE-2026-10708 status](https://www.csirts.com/badge/CVE-2026-10708)](https://www.csirts.com/cve/CVE-2026-10708)