PatchSiren

U.S. Government Accountability Office (GAO) CVE debriefs

These pages are published after PatchSiren validates generated defensive summaries against stored public CVE and source evidence.

CRITICAL U.S. Government Accountability Office (GAO) CVE published 2026-06-18

CVE-2026-54103

CVE-2026-54103 is a critical vulnerability in the U.S. Government Accountability Office (GAO) Electronic Protest Docketing System (EPDS) and Civilian Board of Contract Appeals (CBCA) Electronic Docketing System (EDS). The system fails to authenticate password change requests to the '/update-profile/N' API endpoint, allowing a remote, unauthenticated attacker to change an arbitrary user's password. This vu [truncated]