PatchSiren

U.S. Government Accountability Office CVE debriefs

These pages are published after PatchSiren validates generated defensive summaries against stored public CVE and source evidence.

MEDIUM | U.S. Government Accountability Office | CVE published 2026-06-18

CVE-2026-54105

The U.S. Government Accountability Office (GAO) Electronic Protest Docketing System (EPDS) and Civilian Board of Contract Appeals (CBCA) Electronic Docketing System (EDS) are vulnerable to sensitive account information exposure. A remote, unauthenticated attacker can exploit this vulnerability by submitting a request with an arbitrary 'user_id' parameter to the 'update-profile/' API endpoint, receiving a [truncated]