CyberRota
← Ana sayfaya dön

CVE-2026-54103

CRITICAL · CVSS 9.8 EPSS %0.43

Kaynak: NVD + CISA KEV + EPSS · Yayınlanma: 2026-06-18T17:16:33.387 · Çekilme zamanı: 2026-06-30T18:27:18.642171+00:00

CyberRota Yorumu

Uzaktan istismar edilebilir olabilir.

CVE
CVE-2026-54103
Severity
CRITICAL
CVSS
9.8
EPSS
%0.43
Office

Orijinal NVD Açıklaması

The U.S. Government Accountability Office (GAO) Electronic Protest Docketing System (EPDS) and Civilian Board of Contract Appeals (CBCA) Electronic Docketing System (EDS) does not authenticate password change requests to the '/update-profile/N' API endpoint. A remote, unauthenticated attacker could change an arbitrary user's password.