Description
Scoold is a Q&A and a knowledge sharing platform for teams. Prior to 1.66.2, an authenticated authorization flaw in Scoold allows any logged-in, low-privilege user to overwrite another user's existing question by supplying that question's public ID as the postId parameter to POST /questions/ask. Because question IDs are exposed in normal question URLs, a low-privilege attacker can take a victim question ID from a public page and cause attacker-controlled content to be stored under that existing question object. This causes direct integrity loss of user-generated content and corrupts the integrity of the existing discussion thread. This vulnerability is fixed in 1.66.2.
Published: 2026-04-07
Score: 6.5 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Data Integrity Loss
Action: Immediate Patch
AI Analysis

Impact

Scoold versions prior to 1.66.2 allow a logged‑in user with low privileges to overwrite an existing question by supplying that question’s public ID in the postId parameter of the POST /questions/ask endpoint. The flaw is caused by insufficient authorization checks when the client supplies the postId. This results in the attacker’s content being stored under the victim question object, corrupting the discussion thread and erasing the original question text.

Affected Systems

The affected product is Erudika Scoold, a Q&A platform for teams. All releases before version 1.66.2 are vulnerable. The issue is present in every build earlier than the 1.66.2 update.

Risk and Exploitability

The CVSS score of 6.5 indicates a moderate severity. An EPSS score of less than 1% suggests a low likelihood of exploitation, and the vulnerability is not listed in the CISA KEV catalog. The exploitation requires an authenticated session, so any user with a valid account, even with low privileges, can trigger the flaw by submitting a malicious postId. No external unauthenticated attack vector is indicated.

Generated by OpenCVE AI on April 10, 2026 at 20:53 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade Scoold to version 1.66.2 or later

Generated by OpenCVE AI on April 10, 2026 at 20:53 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Fri, 10 Apr 2026 19:30:00 +0000

Type Values Removed Values Added
CPEs cpe:2.3:a:erudika:scoold:*:*:*:*:*:*:*:*

Thu, 09 Apr 2026 17:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Wed, 08 Apr 2026 19:45:00 +0000

Type Values Removed Values Added
First Time appeared Erudika
Erudika scoold
Vendors & Products Erudika
Erudika scoold

Tue, 07 Apr 2026 20:45:00 +0000

Type Values Removed Values Added
Description Scoold is a Q&A and a knowledge sharing platform for teams. Prior to 1.66.2, an authenticated authorization flaw in Scoold allows any logged-in, low-privilege user to overwrite another user's existing question by supplying that question's public ID as the postId parameter to POST /questions/ask. Because question IDs are exposed in normal question URLs, a low-privilege attacker can take a victim question ID from a public page and cause attacker-controlled content to be stored under that existing question object. This causes direct integrity loss of user-generated content and corrupts the integrity of the existing discussion thread. This vulnerability is fixed in 1.66.2.
Title Scoold has an Authenticated Arbitrary Question Overwrite via Client-Controlled postId in POST /questions/ask
Weaknesses CWE-639
References
Metrics cvssV3_1

{'score': 6.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N'}

Subscriptions

Erudika Scoold
cve-icon MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published:

Updated: 2026-04-09T16:17:51.713Z

Reserved: 2026-04-06T20:28:38.395Z

Link: CVE-2026-39354

cve-icon Vulnrichment

Updated: 2026-04-09T15:04:57.181Z

cve-icon NVD

Status : Analyzed

Published: 2026-04-07T19:16:46.357

Modified: 2026-04-10T19:29:30.457

Link: CVE-2026-39354

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-04-13T14:26:21Z

Weaknesses