{"vulnerability": "cve-2026-54103", "sightings": [{"uuid": "9055a76e-176e-465d-8e39-4b45f19b1db6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-54103", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3molffdqjrw2f", "content": "CVE-2026-54103 - U.S. GAO EPDS and CBCA EDS unauthenticated password change\nCVE ID : CVE-2026-54103\n \n Published : June 18, 2026, 4:12 p.m. | 1\u00a0hour, 30\u00a0minutes ago\n \n Description : The U.S. Government Accountability Office (GAO) Electronic Protest Docketing System (EPDS) and ...", "creation_timestamp": "2026-06-18T17:52:23.589341Z"}, {"uuid": "ecdaf8ba-2df9-43aa-a96f-5a25455b90d8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2026-54103", "type": "seen", "source": "https://bsky.app/profile/offseq.bsky.social/post/3molci2fbib2u", "content": "CRITICAL (CVSS 9.8) vuln in GAO EPDS/CBCA EDS: unauthenticated password change via API. Restrict '/update-profile/N' & monitor until patched. Details: https://radar.offseq.com/threat/cve-2026-54103-cwe-306-missing-authentication-for--c02db531e70d9ca2 #OffSeq #Cybersecurity #CVE202654103", "creation_timestamp": "2026-06-18T17:00:14.194293Z"}, {"uuid": "245ca7f6-e1de-4c1c-bb44-68dfa00cabb2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2026-54103", "type": "seen", "source": "https://infosec.exchange/users/offseq/statuses/116772176604613913", "content": "CVE-2026-54103 (CRITICAL, CVSS 9.8): GAO EPDS & CBCA EDS lack authentication on password change API, enabling remote takeover. No patch yet. Restrict access, monitor logs. \nDetails: https://radar.offseq.com/threat/cve-2026-54103-cwe-306-missing-authentication-for--c02db531e70d9ca2 #OffSeq #Vuln #CVE202654103 #GovSec", "creation_timestamp": "2026-06-18T17:00:14.370939Z"}, {"uuid": "4bbee15b-0f55-4b16-96c6-6cd24dc1818b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-54103", "type": "seen", "source": "https://infosec.exchange/users/cR0w/statuses/116772804679530962", "content": "lol. lmao.\nhttps://nvd.nist.gov/vuln/detail/CVE-2026-54103\n\nThe U.S. Government Accountability Office (GAO) Electronic Protest Docketing System (EPDS) and Civilian Board of Contract Appeals (CBCA) Electronic Docketing System (EDS) does not authenticate password change requests to the '/update-profile/N' API endpoint. A remote, unauthenticated attacker could change an arbitrary user's password.", "creation_timestamp": "2026-06-18T19:39:55.838549Z"}]}