← voltar
CVE-2026-54103

U.S. GAO EPDS and CBCA EDS unauthenticated password change

CVSS 9.3 CRITICALEPSS 0.4%CWE-306
The U.S. Government Accountability Office (GAO) Electronic Protest Docketing System (EPDS) and Civilian Board of Contract Appeals (CBCA) Electronic Docketing System (EDS) does not authenticate password change requests to the '/update-profile/N' API endpoint. A remote, unauthenticated attacker could change an arbitrary user's password.
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
Produtos afetados
Civilian Board of Contract Appeals · Electronic Docketing System (EDS)Government Accountability Office · Electronic Protest Docketing System (EPDS)

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →
Referências
https://epds.gao.gov/https://raw.githubusercontent.com/cisagov/CSAF/develop/csaf_files/IT/white/2026/va-26-169-01.jsonhttps://www.cve.org/CVERecord?id=CVE-2026-54103https://www.eds.cbca.gov/login