Skip to main content

GAO EPDS CVE-2026-54105

| EUVDEUVD-2026-37912 MEDIUM
Authorization Bypass Through User-Controlled Key (CWE-639)
2026-06-18 cisa-cg GHSA-79rr-2p25-73c5
6.9
CVSS 4.0 · Vendor: cisa-cg
Share

Severity by source

Vendor (cisa-cg) PRIMARY
6.9 MEDIUM
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
vuln.today AI
5.3 MEDIUM

Network-accessible unauthenticated endpoint discloses only low-sensitivity account metadata (email); no integrity or availability impact applies.

3.1 AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
4.0 AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N

Primary rating from Vendor (cisa-cg).

CVSS VectorVendor: cisa-cg

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
X

Lifecycle Timeline

3
Patch available
Jun 18, 2026 - 19:01 EUVD
Analysis Generated
Jun 18, 2026 - 17:11 vuln.today
CVE Published
Jun 18, 2026 - 16:13 cve.org
MEDIUM 6.9

DescriptionCVE.org

The U.S. Government Accountability Office (GAO) Electronic Protest Docketing System (EPDS) and Civilian Board of Contract Appeals (CBCA) Electronic Docketing System (EDS) expose sensitive account information through the 'update-profile/' API endpoint. A remote, unauthenticated attacker can submit a request containing an arbitrary 'user_id' parameter and receive a JSON response containing account-specific information, including the associated email address.

AnalysisAI

Insecure Direct Object Reference (IDOR) in the U.S. Government Accountability Office Electronic Protest Docketing System (EPDS) and Civilian Board of Contract Appeals Electronic Docketing System (EDS) permits remote unauthenticated attackers to harvest account-specific information from any registered user. …

Unlock full vulnerability intelligence

  • Risk assessment & exploitation conditions
  • Attack chain visualization
  • Remediation with exact patch versions
  • Threat intelligence from 22 sources
  • Personal watchlist & email alerts

Free forever · No credit card required

Attack ChainAIDerived

Hypothetical attack flow derived from CVE metadata

Access
Identify target API endpoint URL
Delivery
Send unauthenticated HTTP request with arbitrary user_id
Exploit
Receive JSON response with account email and metadata
Execution
Iterate user_id values to enumerate full user registry
Impact
Harvest email list for downstream phishing or targeting

Vulnerability AssessmentAI

Exploitation No special conditions are required for exploitation against both GAO EPDS and CBCA EDS. … Additional conditions and limiting factors are described in the full assessment.
Risk Assessment The CVSS 4.0 base score of 6.9 with a vector of AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N places this as a medium-severity finding by score alone, but the practical risk is disproportionately higher for the affected user population. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario An unauthenticated attacker writes a simple script that iterates integer values for the 'user_id' parameter in HTTP requests to the 'update-profile/' endpoint of epds.gao.gov or eds.cbca.gov, collecting the JSON response for each valid identifier. Within minutes, the attacker assembles a full directory of registered user email addresses, which can then be used to launch targeted phishing campaigns impersonating GAO or CBCA communications to attorneys and contracting officers involved in active bid protests. …
Remediation No vendor-released patched version has been independently confirmed at time of analysis; the affected version range in both CPE strings uses a wildcard. … Detailed patch versions, workarounds, and compensating controls in full report.

Threat intelligence, references, and detailed analysis are available after sign-in.

Share

CVE-2026-54105 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy