{"uuid": "3e562a64-3107-4cbe-92c6-e9a91425b365", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-56877", "type": "seen", "source": "https://bsky.app/profile/hacker.at.thenote.app/post/3mqsaz7bsec2a", "content": "CVE-2026-56877 - Skillable SCORM userId authorisation bypass\n\nPosted by Greg via Fulldisclosure on Jul 15Skillable's SCORM lab launch endpoint validates a launch token but \nenforces per-user allocation limits using a browser-supplied userId \nthat is not bound to the validated toke\u2026\n#hackernews #news", "creation_timestamp": "2026-07-16T22:13:03.636745Z"}