Summary
| Parameter | Value |
|---|---|
| CVE ID | CVE-2026-6887 |
| Alert Source | GitHub Advisory - Critical Vulnerability |
| CVE Publication Year | 2026 |
| Date Published | 2026-04-23 |
| Vendor | BorG Technology Corporation |
| Product | Borg SPM 2007 |
| CVSS Score | 9.8 (critical) |
| EPSS Score | No data |
| CISA KEV | No |
| Ransomware | Not confirmed |
Vulnerability Description
Borg SPM 2007 (Sales Ended in 2008) developed by BorG Technology Corporation has a SQL Injection vulnerability, allowing unauthenticated remote attackers to inject arbitrary SQL commands to read, modify, and delete database contents.
Required Actions
Borg SPM 2007 has reached end of life (EOL) - patches are not available. Plan migration to a currently supported product immediately. Until decommissioning, restrict network access to the application to trusted networks only, place the system behind a WAF with rules blocking common SQL injection patterns, and back up the database.
Who Is Affected?
This vulnerability affects Borg SPM 2007 by BorG Technology Corporation - a system for which sales ended in 2008. Check whether your organization still uses this software and plan migration without delay.
Sources
Need help securing your systems? nFlo team offers vulnerability management and 24/7 SOC services. Contact us.
