PT-2026-29878 · Scoold · Scoold

Qiaonpc · Published 2026-04-02 · Updated 2026-04-03 · CVE-2026-34832

CVSS v3.1: 6.5 Medium

Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
Name of the Vulnerable Software and Affected Versions: Scoold versions prior to 1.66.1
Description: Scoold, a Q&A and knowledge sharing platform, has an authorization issue in feedback deletion. Any authenticated user with low privileges can delete feedback posts created by other users by submitting the post's ID to the API endpoint "/feedback/{id}/delete". The system verifies that the user is authenticated but does not check whether that user has permission to delete the feedback item before proceeding with the deletion. The id variable in the API endpoint identifies the feedback post to be deleted.
Recommendations: Update Scoold to version 1.66.1 or later.
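
The missing check described above, modelled as an added Python example for regression testing; it is not Scoold's code. The User and Feedback types, the moderator flag, the in-memory store and the creator-or-moderator deletion policy are assumptions made for illustration.

```python
# Added illustration: a minimal in-memory model, not Scoold's code.
from dataclasses import dataclass


@dataclass
class User:
    id: str
    is_moderator: bool = False  # assumed role flag


@dataclass
class Feedback:
    id: str
    creator_id: str


class Forbidden(Exception):
    """Caller is authenticated but not allowed to act on this object."""


def delete_feedback_unchecked(store, user, post_id):
    """Pattern from the description: authentication only, then delete by id."""
    if user is None:
        raise PermissionError("login required")
    return store.pop(post_id, None) is not None


def delete_feedback_checked(store, user, post_id):
    """Same operation with an object-level authorization check before deleting."""
    if user is None:
        raise PermissionError("login required")
    post = store.get(post_id)
    if post is None:
        return False
    # Assumed policy: only the creator or a moderator may delete.
    if post.creator_id != user.id and not user.is_moderator:
        raise Forbidden(f"user {user.id} may not delete feedback {post_id}")
    del store[post_id]
    return True


def sample_store():
    # Constructed sample data: one feedback post owned by "alice".
    return {"fb-1": Feedback("fb-1", creator_id="alice")}
```

A regression test for this class of bug should assert both that a non-owner is refused and that the object still exists afterwards.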

Exploit

Fix

IDOR

Weakness Enumeration

Related Identifiers: CVE-2026-34832

Affected Products: Scoold