CVE-2026-42176: CWE-306: Missing Authentication for Critical Function in Erudika scoold
Scoold is a Q&A and a knowledge sharing platform for teams. Prior to version 1.67.0, Scoold allows the admins configuration value to be modified through /api/config/set/admins with a forged Bearer token that is accepted as an admin API token. Once that setting is changed, the target email address is written to the application configuration file. The change does not become active immediately in the current process, because the ADMINS set is loaded once at startup. After a Scoold restart, though, the selected user is recognized as an administrator and gains access to the admin panel. This issue gives an attacker a reliable persistence path: write their own email into scoold.admins, wait for a restart or trigger one operationally, and the account comes back as admin. This issue has been patched in version 1.67.0.
AI Analysis
Technical Summary
Scoold versions before 1.67.0 have a missing authentication control on the /api/config/set/admins endpoint, allowing attackers to forge a Bearer token to modify the list of administrators. The modified admin email is saved to the configuration file but only takes effect after a restart, granting the attacker admin privileges persistently. This vulnerability is classified as CWE-306 (Missing Authentication for Critical Function). The vulnerability has a CVSS 3.1 score of 6.7 (medium severity).
Potential Impact
An attacker with the ability to forge a Bearer token accepted as an admin API token can add themselves as an administrator in the Scoold configuration. After the application restarts, the attacker gains persistent administrator access, allowing full control of the admin panel. This compromises confidentiality, integrity, and availability to a high degree within the affected system.
Mitigation Recommendations
This vulnerability is patched in Scoold version 1.67.0. Users should upgrade to version 1.67.0 or later to remediate this issue. No other official remediation or temporary fix information is provided. Patch status is not explicitly confirmed in vendor advisory content, so verify with the vendor for current remediation guidance.
CVE-2026-42176: CWE-306: Missing Authentication for Critical Function in Erudika scoold
Description
Scoold is a Q&A and a knowledge sharing platform for teams. Prior to version 1.67.0, Scoold allows the admins configuration value to be modified through /api/config/set/admins with a forged Bearer token that is accepted as an admin API token. Once that setting is changed, the target email address is written to the application configuration file. The change does not become active immediately in the current process, because the ADMINS set is loaded once at startup. After a Scoold restart, though, the selected user is recognized as an administrator and gains access to the admin panel. This issue gives an attacker a reliable persistence path: write their own email into scoold.admins, wait for a restart or trigger one operationally, and the account comes back as admin. This issue has been patched in version 1.67.0.
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
Scoold versions before 1.67.0 have a missing authentication control on the /api/config/set/admins endpoint, allowing attackers to forge a Bearer token to modify the list of administrators. The modified admin email is saved to the configuration file but only takes effect after a restart, granting the attacker admin privileges persistently. This vulnerability is classified as CWE-306 (Missing Authentication for Critical Function). The vulnerability has a CVSS 3.1 score of 6.7 (medium severity).
Potential Impact
An attacker with the ability to forge a Bearer token accepted as an admin API token can add themselves as an administrator in the Scoold configuration. After the application restarts, the attacker gains persistent administrator access, allowing full control of the admin panel. This compromises confidentiality, integrity, and availability to a high degree within the affected system.
Mitigation Recommendations
This vulnerability is patched in Scoold version 1.67.0. Users should upgrade to version 1.67.0 or later to remediate this issue. No other official remediation or temporary fix information is provided. Patch status is not explicitly confirmed in vendor advisory content, so verify with the vendor for current remediation guidance.
Technical Details
- Data Version
- 5.2
- Assigner Short Name
- GitHub_M
- Date Reserved
- 2026-04-25T01:53:21.582Z
- Cvss Version
- 3.1
- State
- PUBLISHED
- Remediation Level
- null
Threat ID: 69fe3b37cbff5d86101fc046
Added to database: 5/8/2026, 7:36:23 PM
Last enriched: 5/8/2026, 7:51:41 PM
Last updated: 5/9/2026, 2:30:32 AM
Views: 7
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.