Back to CVE List

CVE-2026-54106

MEDIUM SEVERITY

CVSS Score & Metrics

Base Score
4.7 / 10
Vector String
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L

Vulnerability Description

The U.S. Government Accountability Office (GAO) Electronic Protest Docketing System (EPDS) and Civilian Board of Contract Appeals (CBCA) Electronic Docketing System (EDS) do not validate X-Forwarded-For HTTP headers, allowing a remote attacker with compromised administrator credentials to bypass network access controls and log in.

Vulnerability Details

Published Date
Last Modified
CWE ID
CWE-940
Source
NVD
Vendor
Government Accountability Office, Civilian Board of Contract Appeals
Product
Electronic Protest Docketing System (EPDS), Electronic Docketing System (EDS)

External References

Discussion (0)

Add Comment

No comments yet. Be the first!