Severity by source
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Network-reachable web app, trivial parameter tampering, requires any authenticated account (PR:L), no user interaction, full impact on docketing data confidentiality, integrity, and availability.
Primary rating from Vendor (cisa-cg).
CVSS VectorVendor: cisa-cg
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Lifecycle Timeline
7DescriptionCVE.org
The U.S. Government Accountability Office (GAO) Electronic Protest Docketing System (EPDS) and Civilian Board of Contract Appeals (CBCA) Electronic Docketing System (EDS) trusts client-provided values for the 'epds_role_id' parameter without verification, allowing a remote, authenticated attacker to escalate their own privileges.
AnalysisAI
Privilege escalation in the U.S. GAO Electronic Protest Docketing System (EPDS) and Civilian Board of Contract Appeals Electronic Docketing System (EDS) allows authenticated remote attackers to elevate their privileges by tampering with the client-supplied 'epds_role_id' parameter, which the server accepts without verification. …
Unlock full vulnerability intelligence
- Risk assessment & exploitation conditions
- Attack chain visualization
- Remediation with exact patch versions
- Threat intelligence from 22 sources
- Personal watchlist & email alerts
Free forever · No credit card required
Attack ChainAIDerived
Hypothetical attack flow derived from CVE metadata
Vulnerability AssessmentAI
| Exploitation | Attacker must hold a valid authenticated account on either https://epds.gao.gov/ (EPDS) or https://www.eds.cbca.gov/login (EDS) - the CVSS PR:L confirms low-privilege authentication is required - and must be able to send an HTTP request that includes the 'epds_role_id' parameter. … Additional conditions and limiting factors are described in the full assessment. |
| Risk Assessment | The CVSS 4.0 vector AV:N/AC:L/AT:N/PR:L/UI:N with VC/VI/VA all High reflects a network-reachable, low-complexity flaw exploitable by any authenticated user with no interaction, producing full confidentiality, integrity, and availability impact on docketing data - protest filings, sealed exhibits, and adjudication records. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in. |
| Exploit Scenario | A registered EPDS or EDS user - for example, an attorney with a low-privilege filer account - logs in normally, then intercepts an authenticated request with a web proxy and modifies the 'epds_role_id' value to that of an administrator or adjudicator role. The server honors the substituted identifier without checking it against the session, granting the attacker access to other parties' protest filings, sealed exhibits, and administrative functions; no public exploit is identified at time of analysis but the technique is trivial enough to be reproduced from the advisory alone. |
| Remediation | Patch available per vendor advisory: GAO deployed the EPDS fix on 2026-02-22 and CBCA deployed the EDS fix on 2026-03-19, both applied server-side to the hosted services, so users do not need to take direct action beyond confirming they are accessing the live production sites at https://epds.gao.gov/ and https://www.eds.cbca.gov/login. … Detailed patch versions, workarounds, and compensating controls in full report. |
Recommended ActionAI
24 hours: Verify your organization's operational reliance on EPDS or EDS; contact the GAO or CBCA to confirm patch deployment status in your environment. …
Sign in for detailed remediation steps and compensating controls.
Threat intelligence, references, and detailed analysis are available after sign-in.
Authentication bypass in the U.S. Government Accountability Office Electronic Protest Docketing System (EPDS) and the Ci
Insecure Direct Object Reference (IDOR) in the U.S. Government Accountability Office Electronic Protest Docketing System
Network access control bypass in the U.S. Government Accountability Office Electronic Protest Docketing System (EPDS) an
Same technique Privilege Escalation
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-37911
GHSA-768x-r5g5-79vc