Endpoint Vulnerability in Skillable’s SCORM Lab Launch Functionality
CVE-2026-56877
6.3MEDIUM
What is CVE-2026-56877?
The SCORM lab launch endpoint in Skillable’s platform allows authenticated users to input arbitrary userId values without validation against the authenticated SCORM session token. This oversight enables users to bypass established lab launch rate limits, allowing them to consume allocations intended for other users. Consequently, this can lead to denial of service for affected users, disrupting their access to labs and exams. This vulnerability highlights the necessity for robust input validation mechanisms to safeguard user resources.
Affected Version(s)
SCORM Lab Launch Integration 0 <= 2026-07-13
