Endpoint Vulnerability in Skillable’s SCORM Lab Launch Functionality
CVE-2026-56877

6.3MEDIUM

Key Information:

Vendor

Skillable

Vendor
CVE Published:
13 July 2026

What is CVE-2026-56877?

The SCORM lab launch endpoint in Skillable’s platform allows authenticated users to input arbitrary userId values without validation against the authenticated SCORM session token. This oversight enables users to bypass established lab launch rate limits, allowing them to consume allocations intended for other users. Consequently, this can lead to denial of service for affected users, disrupting their access to labs and exams. This vulnerability highlights the necessity for robust input validation mechanisms to safeguard user resources.

Affected Version(s)

SCORM Lab Launch Integration 0 <= 2026-07-13

References

CVSS V3.1

Score:
6.3
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.