MEDIUM
Skillable
CVE published 2026-07-13
CVE-2026-56877
CVE-2026-56877 is a vulnerability in the SCORM lab launch endpoint of Skillable (formerly Learn on Demand Systems). The endpoint fails to validate the client-supplied userId parameter against the authenticated SCORM session token. This allows an authenticated user to bypass per-user lab launch rate limits and consume other users' lab allocations, potentially leading to denial of service against targeted u [truncated]