Summary
| Parameter | Value |
|---|---|
| CVE ID | CVE-2026-6885 |
| Alert Source | GitHub Advisory - Critical Vulnerability |
| CVE Publication Year | 2026 |
| Date Published | 2026-04-23 |
| Vendor | BorG Technology Corporation |
| Product | Borg SPM 2007 |
| CVSS Score | 9.8 (critical) |
| EPSS Score | No data |
| CISA KEV | No |
| Ransomware | Not confirmed |
Vulnerability Description
Borg SPM 2007 (Sales Ended in 2008) developed by BorG Technology Corporation has an Arbitrary File Upload vulnerability, allowing unauthenticated remote attackers to upload and execute web shell backdoors, thereby enabling arbitrary code execution on the server.
Required Actions
Borg SPM 2007 has reached end of life (EOL) - sales ended in 2008 and patches are not available. Plan migration to a currently supported product immediately. Until decommissioning, restrict network access to the server to trusted IP addresses only, monitor upload directories for suspicious files (especially .asp, .aspx, .php), and consider placing the system behind a WAF.
Who Is Affected?
This vulnerability affects Borg SPM 2007 by BorG Technology Corporation - a system for which sales ended in 2008. Check whether your organization still uses this software and plan migration to a supported system without delay.
Sources
Need help securing your systems? nFlo team offers vulnerability management and 24/7 SOC services. Contact us.
