CVE-2026-6885 CRITICAL

CVE-2026-6885: BorG Technology Corporation|Borg SPM 2007 - Arbitrary File Upload

Vendor Borg Technology Corporation
Product Borg SPM 2007
Weakness CWE-434 · Unrestricted file upload
Published April 23, 2026
Last update April 23, 2026

CVSS base score

9.3/10
Attack vector Network
Attack complexity Low
Privileges required None
User interaction None
Confidentiality
Integrity

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

What the vulnerability does

01Description

Borg SPM 2007 (Sales Ended in 2008) developed by BorG Technology Corporation has an Arbitrary File Upload vulnerability, allowing unauthenticated remote attackers to upload and execute web shell backdoors, thereby enabling arbitrary code execution on the server.

Key dates

02Disclosure timeline

April 23, 2026 CVE published
April 23, 2026 Record updated

Related vulnerabilities

04Related CVE