PatchSiren

Skillable CVE debriefs

These pages are published after PatchSiren validates generated defensive summaries against stored public CVE and source evidence.

MEDIUM Skillable CVE published 2026-07-13

CVE-2026-56877

CVE-2026-56877 is a vulnerability in the SCORM lab launch endpoint of Skillable (formerly Learn on Demand Systems). The endpoint fails to validate the client-supplied userId parameter against the authenticated SCORM session token. This allows an authenticated user to bypass per-user lab launch rate limits and consume other users' lab allocations, potentially leading to denial of service against targeted u [truncated]