Vibe coded Lovable-hosted app littered with basic flaws exposed 18K users
theregister.com
February 27, 2026
4 min read
🔥🔥🔥🔥🔥
53/100
Summary
A Lovable-hosted app reportedly exposed the data of 18,000 users due to 16 identified vulnerabilities, including six deemed critical. Lovable asserts that users are responsible for addressing security issues flagged prior to app publication.
Key Takeaways
- A Lovable-hosted app exposed the data of over 18,000 users due to 16 identified vulnerabilities, six of which were critical.
- The vulnerabilities stemmed from flaws in the app's backend, powered by Supabase, where crucial security features were not implemented correctly.
- An unauthenticated attacker could access sensitive user records, delete accounts, and manipulate grades due to the flawed authentication logic in the app.
- Research indicates that 45% of AI-generated code contains security flaws, highlighting a broader issue with security in apps developed using vibe coding.
Community Sentiment
Concerns
- The lack of accountability in vibe coding means users are unknowingly exposed to risks, highlighting a significant gap in security awareness.
- Lovable's target audience, primarily non-developers, may not recognize security flaws, putting their personal data at risk without their knowledge.
- The proliferation of similar-looking apps created through Lovable leads to abandonment and potential data exposure, raising concerns about user safety.
