Search
Find a vulnerability
Search criteria
ⓘ
Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.
4 vulnerabilities by Government Accountability Office
CVE-2026-54106 (GCVE-0-2026-54106)
Vulnerability from cvelistv5 – Published: 2026-06-18 16:13 – Updated: 2026-06-18 16:13 Exclusively Hosted Service
VLAI
Title
U.S. GAO EPDS and CBCA EDS network access control bypass
Summary
The U.S. Government Accountability Office (GAO) Electronic Protest Docketing System (EPDS) and Civilian Board of Contract Appeals (CBCA) Electronic Docketing System (EDS) do not validate X-Forwarded-For HTTP headers, allowing a remote attacker with compromised administrator credentials to bypass network access controls and log in.
Severity
4.7 (Medium)
CWE
- CWE-940 - Improper Verification of Source of a Communication Channel
Assigner
References
4 references
| URL | Tags |
|---|---|
| https://raw.githubusercontent.com/cisagov/CSAF/de… | |
| https://www.cve.org/CVERecord?id=CVE-2026-54106 | vdb-entry |
| https://epds.gao.gov/ | product |
| https://www.eds.cbca.gov/login | product |
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| Government Accountability Office | Electronic Protest Docketing System (EPDS) |
Affected:
0 , < 2026-02-22
(custom)
Unaffected: 2026-02-22 |
|
| Civilian Board of Contract Appeals | Electronic Docketing System (EDS) |
Affected:
0 , < 2026-03-19
(custom)
Unaffected: 2026-03-19 |
Date Public
2026-06-18 00:00
Credits
{
"containers": {
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "Electronic Protest Docketing System (EPDS)",
"vendor": "Government Accountability Office",
"versions": [
{
"lessThan": "2026-02-22",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"status": "unaffected",
"version": "2026-02-22"
}
]
},
{
"defaultStatus": "affected",
"product": "Electronic Docketing System (EDS)",
"vendor": "Civilian Board of Contract Appeals",
"versions": [
{
"lessThan": "2026-03-19",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"status": "unaffected",
"version": "2026-03-19"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Blake Rash, CISA"
}
],
"datePublic": "2026-06-18T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "The U.S. Government Accountability Office (GAO) Electronic Protest Docketing System (EPDS) and Civilian Board of Contract Appeals (CBCA) Electronic Docketing System (EDS) do not validate X-Forwarded-For HTTP headers, allowing a remote attacker with compromised administrator credentials to bypass network access controls and log in."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
}
},
{
"cvssV4_0": {
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 5.1,
"baseSeverity": "MEDIUM",
"privilegesRequired": "HIGH",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "LOW",
"vulnConfidentialityImpact": "LOW",
"vulnIntegrityImpact": "LOW"
}
},
{
"other": {
"content": {
"id": "CVE-2026-54106",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-06-11T19:54:32.618326Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-940",
"description": "CWE-940 Improper Verification of Source of a Communication Channel",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-06-18T16:13:47.351Z",
"orgId": "9119a7d8-5eab-497f-8521-727c672e3725",
"shortName": "cisa-cg"
},
"references": [
{
"name": "url",
"url": "https://raw.githubusercontent.com/cisagov/CSAF/develop/csaf_files/IT/white/2026/va-26-169-01.json"
},
{
"name": "url",
"tags": [
"vdb-entry"
],
"url": "https://www.cve.org/CVERecord?id=CVE-2026-54106"
},
{
"name": "url",
"tags": [
"product"
],
"url": "https://epds.gao.gov/"
},
{
"name": "url",
"tags": [
"product"
],
"url": "https://www.eds.cbca.gov/login"
}
],
"tags": [
"exclusively-hosted-service"
],
"title": "U.S. GAO EPDS and CBCA EDS network access control bypass"
}
},
"cveMetadata": {
"assignerOrgId": "9119a7d8-5eab-497f-8521-727c672e3725",
"assignerShortName": "cisa-cg",
"cveId": "CVE-2026-54106",
"datePublished": "2026-06-18T16:13:47.351Z",
"dateReserved": "2026-06-11T19:41:26.775Z",
"dateUpdated": "2026-06-18T16:13:47.351Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-54105 (GCVE-0-2026-54105)
Vulnerability from cvelistv5 – Published: 2026-06-18 16:13 – Updated: 2026-06-18 16:13 Exclusively Hosted Service
VLAI
Title
U.S. GAO EPDS and CBCA EDS user information disclosure
Summary
The U.S. Government Accountability Office (GAO) Electronic Protest Docketing System (EPDS) and Civilian Board of Contract Appeals (CBCA) Electronic Docketing System (EDS) expose sensitive account information through the 'update-profile/' API endpoint. A remote, unauthenticated attacker can submit a request containing an arbitrary 'user_id' parameter and receive a JSON response containing account-specific information, including the associated email address.
Severity
5.3 (Medium)
CWE
- CWE-639 - Authorization Bypass Through User-Controlled Key
Assigner
References
4 references
| URL | Tags |
|---|---|
| https://raw.githubusercontent.com/cisagov/CSAF/de… | |
| https://www.cve.org/CVERecord?id=CVE-2026-54105 | vdb-entry |
| https://epds.gao.gov/ | product |
| https://www.eds.cbca.gov/login | product |
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| Government Accountability Office | Electronic Protest Docketing System (EPDS) |
Affected:
0 , < 2026-02-22
(custom)
Unaffected: 2026-02-22 |
|
| Civilian Board of Contract Appeals | Electronic Docketing System (EDS) |
Affected:
0 , < 2026-03-19
(custom)
Unaffected: 2026-03-19 |
Date Public
2026-06-18 00:00
Credits
{
"containers": {
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "Electronic Protest Docketing System (EPDS)",
"vendor": "Government Accountability Office",
"versions": [
{
"lessThan": "2026-02-22",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"status": "unaffected",
"version": "2026-02-22"
}
]
},
{
"defaultStatus": "affected",
"product": "Electronic Docketing System (EDS)",
"vendor": "Civilian Board of Contract Appeals",
"versions": [
{
"lessThan": "2026-03-19",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"status": "unaffected",
"version": "2026-03-19"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Blake Rash, CISA"
}
],
"datePublic": "2026-06-18T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "The U.S. Government Accountability Office (GAO) Electronic Protest Docketing System (EPDS) and Civilian Board of Contract Appeals (CBCA) Electronic Docketing System (EDS) expose sensitive account information through the \u0027update-profile/\u0027 API endpoint. A remote, unauthenticated attacker can submit a request containing an arbitrary \u0027user_id\u0027 parameter and receive a JSON response containing account-specific information, including the associated email address."
}
],
"metrics": [
{
"cvssV4_0": {
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 6.9,
"baseSeverity": "MEDIUM",
"privilegesRequired": "NONE",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "LOW",
"vulnIntegrityImpact": "NONE"
}
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2026-54105",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-06-11T16:16:19.191886Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-639",
"description": "CWE-639 Authorization Bypass Through User-Controlled Key",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-06-18T16:13:24.123Z",
"orgId": "9119a7d8-5eab-497f-8521-727c672e3725",
"shortName": "cisa-cg"
},
"references": [
{
"name": "url",
"url": "https://raw.githubusercontent.com/cisagov/CSAF/develop/csaf_files/IT/white/2026/va-26-169-01.json"
},
{
"name": "url",
"tags": [
"vdb-entry"
],
"url": "https://www.cve.org/CVERecord?id=CVE-2026-54105"
},
{
"name": "url",
"tags": [
"product"
],
"url": "https://epds.gao.gov/"
},
{
"name": "url",
"tags": [
"product"
],
"url": "https://www.eds.cbca.gov/login"
}
],
"tags": [
"exclusively-hosted-service"
],
"title": "U.S. GAO EPDS and CBCA EDS user information disclosure"
}
},
"cveMetadata": {
"assignerOrgId": "9119a7d8-5eab-497f-8521-727c672e3725",
"assignerShortName": "cisa-cg",
"cveId": "CVE-2026-54105",
"datePublished": "2026-06-18T16:13:24.123Z",
"dateReserved": "2026-06-11T19:41:26.775Z",
"dateUpdated": "2026-06-18T16:13:24.123Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-54104 (GCVE-0-2026-54104)
Vulnerability from cvelistv5 – Published: 2026-06-18 16:12 – Updated: 2026-06-19 03:56 Exclusively Hosted Service
VLAI
Title
U.S. GAO EPDS and CBCA EDS client-based privilege escalation
Summary
The U.S. Government Accountability Office (GAO) Electronic Protest Docketing System (EPDS) and Civilian Board of Contract Appeals (CBCA) Electronic Docketing System (EDS) trusts client-provided values for the 'epds_role_id' parameter without verification, allowing a remote, authenticated attacker to escalate their own privileges.
Severity
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-602 - Client-Side Enforcement of Server-Side Security
Assigner
References
4 references
| URL | Tags |
|---|---|
| https://www.cve.org/CVERecord?id=CVE-2026-54104 | vdb-entry |
| https://epds.gao.gov/ | product |
| https://www.eds.cbca.gov/login | product |
| https://raw.githubusercontent.com/cisagov/CSAF/de… |
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| Government Accountability Office | Electronic Protest Docketing System (EPDS) |
Affected:
0 , < 2026-02-22
(custom)
Unaffected: 2026-02-22 |
|
| Civilian Board of Contract Appeals | Electronic Docketing System (EDS) |
Affected:
0 , < 2026-03-19
(custom)
Unaffected: 2026-03-19 |
Date Public
2026-06-18 00:00
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-54104",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-06-18T00:00:00+00:00",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-06-19T03:56:00.930Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "Electronic Protest Docketing System (EPDS)",
"vendor": "Government Accountability Office",
"versions": [
{
"lessThan": "2026-02-22",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"status": "unaffected",
"version": "2026-02-22"
}
]
},
{
"defaultStatus": "affected",
"product": "Electronic Docketing System (EDS)",
"vendor": "Civilian Board of Contract Appeals",
"versions": [
{
"lessThan": "2026-03-19",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"status": "unaffected",
"version": "2026-03-19"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Blake Rash, CISA"
}
],
"datePublic": "2026-06-18T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "The U.S. Government Accountability Office (GAO) Electronic Protest Docketing System (EPDS) and Civilian Board of Contract Appeals (CBCA) Electronic Docketing System (EDS) trusts client-provided values for the \u0027epds_role_id\u0027 parameter without verification, allowing a remote, authenticated attacker to escalate their own privileges."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"cvssV4_0": {
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 8.7,
"baseSeverity": "HIGH",
"privilegesRequired": "LOW",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH"
}
},
{
"other": {
"content": {
"id": "CVE-2026-54104",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-06-11T16:16:59.303813Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-602",
"description": "CWE-602 Client-Side Enforcement of Server-Side Security",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-06-18T16:12:58.699Z",
"orgId": "9119a7d8-5eab-497f-8521-727c672e3725",
"shortName": "cisa-cg"
},
"references": [
{
"name": "url",
"tags": [
"vdb-entry"
],
"url": "https://www.cve.org/CVERecord?id=CVE-2026-54104"
},
{
"name": "url",
"tags": [
"product"
],
"url": "https://epds.gao.gov/"
},
{
"name": "url",
"tags": [
"product"
],
"url": "https://www.eds.cbca.gov/login"
},
{
"name": "url",
"url": "https://raw.githubusercontent.com/cisagov/CSAF/develop/csaf_files/IT/white/2026/va-26-169-01.json"
}
],
"tags": [
"exclusively-hosted-service"
],
"title": "U.S. GAO EPDS and CBCA EDS client-based privilege escalation"
}
},
"cveMetadata": {
"assignerOrgId": "9119a7d8-5eab-497f-8521-727c672e3725",
"assignerShortName": "cisa-cg",
"cveId": "CVE-2026-54104",
"datePublished": "2026-06-18T16:12:58.699Z",
"dateReserved": "2026-06-11T19:41:26.775Z",
"dateUpdated": "2026-06-19T03:56:00.930Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-54103 (GCVE-0-2026-54103)
Vulnerability from cvelistv5 – Published: 2026-06-18 16:12 – Updated: 2026-06-19 03:55 Exclusively Hosted Service
VLAI
Title
U.S. GAO EPDS and CBCA EDS unauthenticated password change
Summary
The U.S. Government Accountability Office (GAO) Electronic Protest Docketing System (EPDS) and Civilian Board of Contract Appeals (CBCA) Electronic Docketing System (EDS) does not authenticate password change requests to the '/update-profile/N' API endpoint. A remote, unauthenticated attacker could change an arbitrary user's password.
Severity
9.8 (Critical)
SSVC
Exploitation: none
Automatable: yes
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-306 - Missing Authentication for Critical Function
Assigner
References
4 references
| URL | Tags |
|---|---|
| https://raw.githubusercontent.com/cisagov/CSAF/de… | |
| https://www.cve.org/CVERecord?id=CVE-2026-54103 | vdb-entry |
| https://epds.gao.gov/ | product |
| https://www.eds.cbca.gov/login | product |
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| Government Accountability Office | Electronic Protest Docketing System (EPDS) |
Affected:
0 , < 2026-02-22
(custom)
Unaffected: 2026-02-22 |
|
| Civilian Board of Contract Appeals | Electronic Docketing System (EDS) |
Affected:
0 , < 2026-03-19
(custom)
Unaffected: 2026-03-19 |
Date Public
2026-06-18 00:00
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-54103",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-06-18T00:00:00+00:00",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-06-19T03:55:58.779Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "Electronic Protest Docketing System (EPDS)",
"vendor": "Government Accountability Office",
"versions": [
{
"lessThan": "2026-02-22",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"status": "unaffected",
"version": "2026-02-22"
}
]
},
{
"defaultStatus": "affected",
"product": "Electronic Docketing System (EDS)",
"vendor": "Civilian Board of Contract Appeals",
"versions": [
{
"lessThan": "2026-03-19",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"status": "unaffected",
"version": "2026-03-19"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Blake Rash, CISA"
}
],
"datePublic": "2026-06-18T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "The U.S. Government Accountability Office (GAO) Electronic Protest Docketing System (EPDS) and Civilian Board of Contract Appeals (CBCA) Electronic Docketing System (EDS) does not authenticate password change requests to the \u0027/update-profile/N\u0027 API endpoint. A remote, unauthenticated attacker could change an arbitrary user\u0027s password."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"cvssV4_0": {
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 9.3,
"baseSeverity": "CRITICAL",
"privilegesRequired": "NONE",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH"
}
},
{
"other": {
"content": {
"id": "CVE-2026-54103",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-06-11T16:17:36.004930Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-306",
"description": "CWE-306 Missing Authentication for Critical Function",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-06-18T16:12:35.433Z",
"orgId": "9119a7d8-5eab-497f-8521-727c672e3725",
"shortName": "cisa-cg"
},
"references": [
{
"name": "url",
"url": "https://raw.githubusercontent.com/cisagov/CSAF/develop/csaf_files/IT/white/2026/va-26-169-01.json"
},
{
"name": "url",
"tags": [
"vdb-entry"
],
"url": "https://www.cve.org/CVERecord?id=CVE-2026-54103"
},
{
"name": "url",
"tags": [
"product"
],
"url": "https://epds.gao.gov/"
},
{
"name": "url",
"tags": [
"product"
],
"url": "https://www.eds.cbca.gov/login"
}
],
"tags": [
"exclusively-hosted-service"
],
"title": "U.S. GAO EPDS and CBCA EDS unauthenticated password change"
}
},
"cveMetadata": {
"assignerOrgId": "9119a7d8-5eab-497f-8521-727c672e3725",
"assignerShortName": "cisa-cg",
"cveId": "CVE-2026-54103",
"datePublished": "2026-06-18T16:12:35.433Z",
"dateReserved": "2026-06-11T19:41:26.775Z",
"dateUpdated": "2026-06-19T03:55:58.779Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}