EUVD-2026-37911

🗓️ 18 Jun 2026 16:12:58Reported by EUVDType

GAO and CBCA docketing systems trust epds_role_id values without verification, enabling escalation.

Reporter	Title	Published	Views	Family All 5
ATTACKERKB	CVE-2026-54104	18 Jun 202616:12	–	attackerkb
CVE	CVE-2026-54104	18 Jun 202616:12	–	cve
Cvelist	CVE-2026-54104 U.S. GAO EPDS and CBCA EDS client-based privilege escalation	18 Jun 202616:12	–	cvelist
NVD	CVE-2026-54104	18 Jun 202617:16	–	nvd
Positive Technologies	PT-2026-50704	18 Jun 202600:00	–	ptsecurity

[
  {
    "enisaIdVendor": [
      {
        "id": "26ef1989-f522-374b-bbc8-c7a65830caeb",
        "vendor": {
          "name": "Government Accountability Office"
        }
      },
      {
        "id": "5a9d3006-ca97-3d28-85c3-49e4a194836b",
        "vendor": {
          "name": "Civilian Board of Contract Appeals"
        }
      }
    ],
    "enisaIdProduct": [
      {
        "id": "017e5800-bbb3-36a5-96bb-b430a3bbd69e",
        "product": {
          "name": "Electronic Docketing System (EDS)",
          "vendor": {
            "name": "Civilian Board of Contract Appeals"
          }
        },
        "product_version": "0 <2026-03-19"
      },
      {
        "id": "2e6f295b-1516-3868-b789-9037996512a1",
        "product": {
          "name": "Electronic Docketing System (EDS)",
          "vendor": {
            "name": "Civilian Board of Contract Appeals"
          }
        },
        "product_version": "patch: 2026-03-19"
      },
      {
        "id": "83d7b41d-e400-3bc1-84f0-9c5030573378",
        "product": {
          "name": "Electronic Protest Docketing System (EPDS)",
          "vendor": {
            "name": "Government Accountability Office"
          }
        },
        "product_version": "0 <2026-02-22"
      }
    ]
  }
]

Source	Link
cve	www.cve.org/CVERecord
epds	www.epds.gao.gov/
eds	www.eds.cbca.gov/login
raw	www.raw.githubusercontent.com/cisagov/CSAF/develop/csaf_files/IT/white/2026/va-26-169-01.json

18 Jun 2026 16:12Current

5.2Medium risk

Vulners AI Score5.2

CVSS 48.7

CVSS 3.18.8