I’ve tried submitting through CISA cert with no response and the issue has gone from informational to severe.
DoD has a responsible disclosure: HackerOne
Update to this: The organization involved and Specters have made contact. Thanks to the folks who reached out after seeing this thread. @Specters would you mind updating as/when things get resolved? No detail required, just to keep those who might want to help informed re if their help is still needed.