{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-05-04T04:19:15.892","vulnerabilities":[{"cve":{"id":"CVE-2026-34832","sourceIdentifier":"security-advisories@github.com","published":"2026-04-02T20:16:27.040","lastModified":"2026-04-15T17:29:54.877","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Scoold is a Q&A and a knowledge sharing platform for teams. Prior to version 1.66.1, Scoold contains an authenticated authorization flaw in feedback deletion that allows any logged-in, low-privilege user to delete another user's feedback post by submitting its ID to POST /feedback/{id}/delete. The handler enforces authentication but does not enforce object ownership (or moderator/admin authorization) before deletion. In verification, a second non-privileged account successfully deleted a victim account's feedback item, and the item immediately disappeared from the feedback listing/detail views. This issue has been patched in version 1.66.1."}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N","baseScore":6.5,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":3.6}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Primary","description":[{"lang":"en","value":"CWE-639"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:erudika:scoold:*:*:*:*:*:*:*:*","versionEndExcluding":"1.66.1","matchCriteriaId":"52EC1B7D-984C-4F4B-AE33-0B3512EFC00D"}]}]}],"references":[{"url":"https://github.com/Erudika/scoold/commit/5def88c25405cc60482292bcceb45dc024e899fe","source":"security-advisories@github.com","tags":["Patch"]},{"url":"https://github.com/Erudika/scoold/releases/tag/1.66.1","source":"security-advisories@github.com","tags":["Release Notes"]},{"url":"https://github.com/Erudika/scoold/security/advisories/GHSA-g5fv-xw88-vw44","source":"security-advisories@github.com","tags":["Vendor Advisory","Exploit"]}]}}]}