CVE Alert

CVE-2026-39354

MEDIUM 6.5

Scoold has an Authenticated Arbitrary Question Overwrite via Client-Controlled postId in POST /questions/ask

CVSS Score
6.5
EPSS Score
0.0%
EPSS Percentile
7th

Scoold is a Q&A and knowledge-sharing platform for teams. Prior to 1.66.2, a missing ownership check (CWE-639, authorization bypass through a user-controlled key) in the question-submission handler allows any logged-in, low-privilege user to overwrite another user's existing question by supplying that question's public ID as the postId parameter to POST /questions/ask. Because question IDs appear in normal question URLs, an attacker can copy a victim's question ID from a public page and have attacker-controlled content stored under that existing question object. The result is direct integrity loss of user-generated content and corruption of the existing discussion thread; confidentiality and availability are not affected, which is why the vector scores I:H with C:N and A:N. This vulnerability is fixed in 1.66.2; upgrading is the only remediation the advisory describes.
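The bug class is easiest to see as code. The following is an added example written for this page, not Scoold's source: it models a generic "ask" handler in Python with an in-memory store, where the vulnerable variant trusts a client-supplied postId to select the object it writes, and the hardened variant refuses the update unless the caller owns that object. The store, function names, form layout and the moderator role are assumptions for the illustration; the scenario replayed (victim posts, attacker submits the victim's ID as postId) is the one the advisory describes.

```python
"""
Illustrative model of the bug class in CVE-2026-39354 (CWE-639): a question
"ask" handler that trusts a client-supplied postId to pick which stored
object to write. Added example code, not Scoold's source; the store,
handler names and form layout are assumptions for the illustration.
"""
from dataclasses import dataclass
from typing import Optional
import itertools

_ids = itertools.count(1)


@dataclass
class Question:
    id: str
    author_id: str
    title: str
    body: str


class Forbidden(Exception):
    """Raised when a caller tries to modify an object it does not own."""


class NotFound(Exception):
    """Raised when postId does not name an existing question."""


class QuestionStore:
    """In-memory stand-in for the backing datastore (assumption)."""

    def __init__(self) -> None:
        self._rows: dict[str, Question] = {}

    def create(self, author_id: str, title: str, body: str) -> Question:
        q = Question(f"q{next(_ids)}", author_id, title, body)
        self._rows[q.id] = q
        return q

    def get(self, qid: str) -> Optional[Question]:
        return self._rows.get(qid)


def ask_vulnerable(store: QuestionStore, user_id: str, form: dict) -> Question:
    """Vulnerable shape: postId from the request body selects the object to
    update, and nothing compares its author against the caller."""
    post_id = form.get("postId")
    if post_id:
        q = store.get(post_id)
        if q is not None:
            q.title = form["title"]  # attacker-controlled content replaces the victim's
            q.body = form["body"]
            return q
    return store.create(user_id, form["title"], form["body"])


def ask_fixed(store: QuestionStore, user_id: str, form: dict, is_mod: bool = False) -> Question:
    """Hardened shape: an update is only honoured when the caller owns the
    object (or holds an explicit moderator role, an assumed privilege);
    any other caller gets a 403-style Forbidden and the object is untouched."""
    post_id = form.get("postId")
    if not post_id:
        return store.create(user_id, form["title"], form["body"])
    q = store.get(post_id)
    if q is None:
        raise NotFound(post_id)
    if q.author_id != user_id and not is_mod:
        raise Forbidden(f"{user_id} does not own {post_id}")
    q.title = form["title"]
    q.body = form["body"]
    return q


def replay(handler) -> tuple:
    """Run the advisory's scenario against one handler: the victim posts a
    question, the attacker submits /questions/ask with the victim's public ID
    as postId. Returns (victim's stored body afterwards, outcome label)."""
    store = QuestionStore()
    victim_q = store.create("alice", "How do I rotate keys?", "original body")
    # Constructed attacker request: the ID is what a public question URL exposes.
    attack_form = {"postId": victim_q.id, "title": "pwned", "body": "attacker text"}
    try:
        handler(store, "mallory", attack_form)
        outcome = "overwrite accepted"
    except Forbidden:
        outcome = "forbidden"
    return store.get(victim_q.id).body, outcome


if __name__ == "__main__":
    print("vulnerable:", replay(ask_vulnerable))  # ('attacker text', 'overwrite accepted')
    print("fixed:     ", replay(ask_fixed))       # ('original body', 'forbidden')
```

When reviewing similar handlers, the check to look for is the one in ask_fixed: any write path where the record key comes from the request must compare the record's owner against the authenticated principal before mutating it, and a role exception should be explicit rather than implied by the absence of a check. Note that the hardened path distinguishes "not found" from "forbidden"; if enumeration of IDs is a concern, both can be collapsed to a single 404 without weakening the ownership check.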

CWE CWE-639
Vendor erudika
Product scoold
Published Apr 7, 2026
Last Updated Apr 9, 2026

CVSS v3 Breakdown

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
High
Availability
None

Affected Versions

Erudika / scoold
< 1.66.2

References

NVD, CVE.org, EPSS Data
github.com: https://github.com/Erudika/scoold/security/advisories/GHSA-768r-cv9p-wrcm