Impact
The vulnerability lies in the SCORM lab launch endpoint where the client‑supplied userId is not checked against the authenticated SCORM session token. An attacker who is already authenticated can supply arbitrary userIds, thereby consuming lab allocations belonging to other users and bypassing the intended per‑user launch rate limits. This misuse can exhaust a victim’s available lab or exam slots, causing a denial of service for those targeted users.
Affected Systems
Skillable’s SCORM Lab Launch Integration, accessed through scorm.skillable.com, is vulnerable in all versions up to 2026-07-13. The issue pertains specifically to the lab launch endpoint that accepts a userId parameter.
Risk and Exploitability
The CVSS score of 6.3 indicates a moderate severity, reflecting the potential to disrupt service for affected users. The EPSS score is not available, and the vulnerability is not listed in CISA's KEV catalog, suggesting no public exploits have been reported. The attack vector is likely limited to authenticated users with access to the SCORM session token, but once authenticated the bypass can be repeatedly exploited, impacting load and resource allocation for other users.
OpenCVE Enrichment