GHSA-96f7-vmp7-7rvhMediumCVSS 4.7

The U.S. Government Accountability Office (GAO) Electronic Protest Docketing System (EPDS) and...

Published
June 18, 2026
Last Modified
June 18, 2026

🔗 CVE IDs covered (1)

📋 Description

The U.S. Government Accountability Office (GAO) Electronic Protest Docketing System (EPDS) and Civilian Board of Contract Appeals (CBCA) Electronic Docketing System (EDS) do not validate X-Forwarded-For HTTP headers, allowing a remote attacker with compromised administrator credentials to bypass network access controls and log in.

🔗 References (6)