Global Entry, used by millions of busy passengers traveling to the U.S., is “vulnerable” to criminals taking advantage of weaknesses in the system, according to a new report by a government watchdog.

The immigration and border check system, designed to allow vetted low-risk travelers expedited entry to the U.S., has more than six million people signed up to date. U.S. citizens and other foreign nationals from a list of cleared countries can apply, allowing passengers to skip the lines and check in with their passport and immigration documents at a kiosk instead.

Once the kiosk verifies the passenger, a border officer must verify the authenticity of the receipt, where the passenger is granted entry to the country or told they are subject to additional screening.

The system is relatively simple. “If low-risk status cannot be determined, the application must be denied.” High-risk passengers could include anyone with a conviction or linked to an investigation.

But a report by Homeland Security’s inspector general said a Customs and Border Protection (CBP) officer were not properly checking receipts to ensure they hadn’t been altered or falsified — potentially allowing non-cleared passengers into the U.S. without the proper inspection checks.

The redacted report, out Friday, said human error was largely to blame for the flaws in the system.

“During the airport arrival process CBP officers granted some Global Entry members expedited entry without verifying the authenticity of their kiosk receipts,” said the report.

“Unless CBP officers authenticate kiosk receipts, someone could use a fake receipt to enter the U.S.,” it read.

These receipts have two basic security features — a security check digit and a daily-rotating security code — which CBP officers use to visually check in order to process a passenger. Exactly how these codes work were largely redacted, but CBP supervisors complained that properly validating the codes were “cumbersome” and may extend passenger waiting times.

The watchdog found that CBP staff were often not even told the daily security code, preventing officers from properly checking if a passenger’s receipt was authentic. Worse, when the inspectors found the daily security code had been breached — such as when a receipt is discarded or posted on the internet — CBP staff “failed to take corrective action” when notified.

“A traveler with malicious intent could use a compromised daily security code to gain expedited entry into the U.S.,” wrote the report.

The report did not say how many ineligible “potentially high-risk” passengers are currently signed up to Global Entry, but said based on its tests at nine airports that as many as 5,700 Global Entry members may not have had their receipts properly authenticated at the border.

The watchdog said unless CBP redesigns the receipt authentication process, “travelers with malicious intent may gain expedited entry using a fraudulent receipt.”

In its response, CBP said it has “begun implementation” on fixing the six issues raised by the watchdog, with which the agency concurs.