What is CVE-2026-54103?

CVE-2026-54103 is a critical-severity vulnerability, classified under Missing Authentication for Critical Function. CVSS score: 9.8/10. Published 2026-06-18.

How severe is CVE-2026-54103?

Critical severity. CVSS v3 base score is 9.8 out of 10.

CVE-2026-54103

CVE-2026-54103

The U.S. Government Accountability Office (GAO) Electronic Protest Docketing System (EPDS) and Civilian Board of Contract Appeals (CBCA) Electronic Docketing System (EDS) does not authenticate password change requests to the '/update-profi…

Vulnerability class: Broken Authentication

CVSS v3 metric

CVSS v3 base score 9.8 (Critical). Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H.

Weakness classification (CWE)

CWE-306 — Missing Authentication for Critical Function

References

9119a7d8-5eab-497f-8521-727c672e3725
9119a7d8-5eab-497f-8521-727c672e3725 (vdb-entry)
9119a7d8-5eab-497f-8521-727c672e3725 (product)
9119a7d8-5eab-497f-8521-727c672e3725 (product)

Frequently asked questions

What is CVE-2026-54103?: CVE-2026-54103 is a critical-severity vulnerability, classified under Missing Authentication for Critical Function. CVSS score: 9.8/10. Published 2026-06-18.
How severe is CVE-2026-54103?: Critical severity. CVSS v3 base score is 9.8 out of 10.