{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-39354", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "state": "PUBLISHED", "assignerShortName": "GitHub_M", "dateReserved": "2026-04-06T20:28:38.395Z", "datePublished": "2026-04-07T18:54:36.133Z", "dateUpdated": "2026-04-09T16:17:51.713Z"}, "containers": {"cna": {"title": "Scoold has an Authenticated Arbitrary Question Overwrite via Client-Controlled postId in POST /questions/ask", "problemTypes": [{"descriptions": [{"cweId": "CWE-639", "lang": "en", "description": "CWE-639: Authorization Bypass Through User-Controlled Key", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", "version": "3.1"}}], "references": [{"name": "https://github.com/Erudika/scoold/security/advisories/GHSA-768r-cv9p-wrcm", "tags": ["x_refsource_CONFIRM"], "url": "https://github.com/Erudika/scoold/security/advisories/GHSA-768r-cv9p-wrcm"}], "affected": [{"vendor": "Erudika", "product": "scoold", "versions": [{"version": "< 1.66.2", "status": "affected"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2026-04-07T18:54:36.133Z"}, "descriptions": [{"lang": "en", "value": "Scoold is a Q&A and a knowledge sharing platform for teams. Prior to 1.66.2, an authenticated authorization flaw in Scoold allows any logged-in, low-privilege user to overwrite another user's existing question by supplying that question's public ID as the postId parameter to POST /questions/ask. Because question IDs are exposed in normal question URLs, a low-privilege attacker can take a victim question ID from a public page and cause attacker-controlled content to be stored under that existing question object. This causes direct integrity loss of user-generated content and corrupts the integrity of the existing discussion thread. This vulnerability is fixed in 1.66.2."}], "source": {"advisory": "GHSA-768r-cv9p-wrcm", "discovery": "UNKNOWN"}}, "adp": [{"references": [{"url": "https://github.com/Erudika/scoold/security/advisories/GHSA-768r-cv9p-wrcm", "tags": ["exploit"]}], "metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-04-09T15:04:47.366387Z", "id": "CVE-2026-39354", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-09T16:17:51.713Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-39354", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-04-09T15:04:47.366387Z"}}}], "references": [{"url": "https://github.com/Erudika/scoold/security/advisories/GHSA-768r-cv9p-wrcm", "tags": ["exploit"]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-09T15:04:57.181Z"}}], "cna": {"title": "Scoold has an Authenticated Arbitrary Question Overwrite via Client-Controlled postId in POST /questions/ask", "source": {"advisory": "GHSA-768r-cv9p-wrcm", "discovery": "UNKNOWN"}, "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.5, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}}], "affected": [{"vendor": "Erudika", "product": "scoold", "versions": [{"status": "affected", "version": "< 1.66.2"}]}], "references": [{"url": "https://github.com/Erudika/scoold/security/advisories/GHSA-768r-cv9p-wrcm", "name": "https://github.com/Erudika/scoold/security/advisories/GHSA-768r-cv9p-wrcm", "tags": ["x_refsource_CONFIRM"]}], "descriptions": [{"lang": "en", "value": "Scoold is a Q&A and a knowledge sharing platform for teams. Prior to 1.66.2, an authenticated authorization flaw in Scoold allows any logged-in, low-privilege user to overwrite another user's existing question by supplying that question's public ID as the postId parameter to POST /questions/ask. Because question IDs are exposed in normal question URLs, a low-privilege attacker can take a victim question ID from a public page and cause attacker-controlled content to be stored under that existing question object. This causes direct integrity loss of user-generated content and corrupts the integrity of the existing discussion thread. This vulnerability is fixed in 1.66.2."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-639", "description": "CWE-639: Authorization Bypass Through User-Controlled Key"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2026-04-07T18:54:36.133Z"}}}, "cveMetadata": {"cveId": "CVE-2026-39354", "state": "PUBLISHED", "dateUpdated": "2026-04-09T16:17:51.713Z", "dateReserved": "2026-04-06T20:28:38.395Z", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "datePublished": "2026-04-07T18:54:36.133Z", "assignerShortName": "GitHub_M"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:erudika:scoold:*:*:*:*:*:*:*:*", "matchCriteriaId": "8F1340F2-5D49-4F87-B3DB-2187E5842588", "versionEndExcluding": "1.66.2", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Scoold is a Q&A and a knowledge sharing platform for teams. Prior to 1.66.2, an authenticated authorization flaw in Scoold allows any logged-in, low-privilege user to overwrite another user's existing question by supplying that question's public ID as the postId parameter to POST /questions/ask. Because question IDs are exposed in normal question URLs, a low-privilege attacker can take a victim question ID from a public page and cause attacker-controlled content to be stored under that existing question object. This causes direct integrity loss of user-generated content and corrupts the integrity of the existing discussion thread. This vulnerability is fixed in 1.66.2."}], "id": "CVE-2026-39354", "lastModified": "2026-04-10T19:29:30.457", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 3.6, "source": "security-advisories@github.com", "type": "Secondary"}]}, "published": "2026-04-07T19:16:46.357", "references": [{"source": "security-advisories@github.com", "tags": ["Exploit", "Vendor Advisory"], "url": "https://github.com/Erudika/scoold/security/advisories/GHSA-768r-cv9p-wrcm"}, {"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "tags": ["Exploit", "Vendor Advisory"], "url": "https://github.com/Erudika/scoold/security/advisories/GHSA-768r-cv9p-wrcm"}], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-639"}], "source": "security-advisories@github.com", "type": "Secondary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "[0,1.66.2)"}}], "enrichment": {"confidence": 100.0, "confidence_source": "matching", "scores": [{"score": 100.0, "source": "matching"}]}, "original": {"product": "scoold", "source": "cna", "vendor": "Erudika"}, "product": "scoold", "vendor": "erudika"}], "analysis": {"en": {"generated_at": "2026-04-10T20:53:51.322990+00:00", "value": {"mitigation_remediation": ["Upgrade Scoold to version 1.66.2 or later"], "summary": {"action": "Immediate Patch", "impact": "Data Integrity Loss"}, "threat_synthesis": {"affected_systems": "The affected product is Erudika Scoold, a Q&A platform for teams. All releases before version 1.66.2 are vulnerable. The issue is present in every build earlier than the 1.66.2 update.", "description_and_impact": "Scoold versions prior to 1.66.2 allow a logged\u2011in user with low privileges to overwrite an existing question by supplying that question\u2019s public ID in the postId parameter of the POST /questions/ask endpoint. The flaw is caused by insufficient authorization checks when the client supplies the postId. This results in the attacker\u2019s content being stored under the victim question object, corrupting the discussion thread and erasing the original question text.", "risk_and_exploitability": "The CVSS score of 6.5 indicates a moderate severity. An EPSS score of less than 1% suggests a low likelihood of exploitation, and the vulnerability is not listed in the CISA KEV catalog. The exploitation requires an authenticated session, so any user with a valid account, even with low privileges, can trigger the flaw by submitting a malicious postId. No external unauthenticated attack vector is indicated."}}}}, "created": "2026-04-08T19:34:54.277294+00:00", "updated": "2026-04-13T14:26:21.365591+00:00", "vendors": ["erudika", "erudika$PRODUCT$scoold"]}