Skip to content
CVSS 9.8 · CRITICAL

CVE-2026-6885

Borg SPM 2007 (Sales Ended in 2008) developed by BorG Technology Corporation has an Arbitrary File Upload vulnerability, allowing unauthenticated remote attackers to upload and execute web shell backdoors, thereby enabling arbitrary code execution on the server.

Ver en NVD

Análisis

This vulnerability affects Borg SPM 2007, a legacy product that reached end-of-sale in 2008. While the impact is a critical unauthenticated remote code execution, the software is too old and obscure to be relevant to a modern software development community.

Severidad

Puntaje: 9.8(CRITICAL)
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
AV: NETWORK
AC: LOW
PR: NONE
UI: NONE
S: UNCHANGED
C: HIGH
I: HIGH
A: HIGH
Tipo de falla (CWE): CWE-434

EPSS

Probabilidad de explotación (próx. 30 días): 0.0025 (0.3%)
Percentil: 48.4%
EPSS: 2026-05-06

Descripción técnica

Borg SPM 2007 (Sales Ended in 2008) developed by BorG Technology Corporation has an Arbitrary File Upload vulnerability, allowing unauthenticated remote attackers to upload and execute web shell backdoors, thereby enabling arbitrary code execution on the server.

Publicada: 23/4/2026, 10:16:18
Última modificación: 24/4/2026, 14:50:56

Referencias

InicioEventosBlogRecursosEquipo