Skip to main content

Borg SPM 2007 CVE-2026-6887

| EUVDEUVD-2026-25213 CRITICAL
SQL Injection (CWE-89)
2026-04-23 twcert
9.3
CVSS 4.0 · NVD
Share

Severity by source

NVD PRIMARY
9.3 CRITICAL
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
X

Lifecycle Timeline

6
Re-analysis Queued
Apr 24, 2026 - 14:52 vuln.today
cvss_changed
Analysis Generated
Apr 23, 2026 - 10:30 vuln.today
CVSS changed
Apr 23, 2026 - 10:22 NVD
9.8 (CRITICAL) 9.3 (CRITICAL)
EUVD ID Assigned
Apr 23, 2026 - 10:00 euvd
EUVD-2026-25213
Analysis Generated
Apr 23, 2026 - 10:00 vuln.today
CVE Published
Apr 23, 2026 - 09:30 nvd
CRITICAL 9.3

DescriptionCVE.org

Borg SPM 2007 (Sales Ended in 2008) developed by BorG Technology Corporation has a SQL Injection vulnerability, allowing unauthenticated remote attackers to inject arbitrary SQL commands to read, modify, and delete database contents.

AnalysisAI

SQL injection in Borg SPM 2007 allows unauthenticated remote attackers to execute arbitrary SQL commands via network requests, enabling complete database compromise including read, modify, and delete operations. This legacy product (sales ended 2008) receives a critical CVSS 9.3 score with network vector, low complexity, and no authentication required. …

Unlock full vulnerability intelligence

  • Risk assessment & exploitation conditions
  • Attack chain visualization
  • Remediation with exact patch versions
  • Threat intelligence from 22 sources
  • Personal watchlist & email alerts

Free forever · No credit card required

Attack ChainAIDerived

Hypothetical attack flow derived from CVE metadata

Access
Identify network-exposed Borg SPM 2007 instance
Delivery
Send crafted HTTP request with SQL payload
Exploit
Inject malicious SQL commands into application query
Execution
Execute unauthorized database operations
Impact
Exfiltrate or modify sensitive data

Vulnerability AssessmentAI

Exploitation No special conditions - remote unauthenticated exploitation against network-accessible Borg SPM 2007 installations per CVSS vector AV:N/AC:L/PR:N/UI:N. … Additional conditions and limiting factors are described in the full assessment.
Risk Assessment The CVSS 4.0 vector (AV:N/AC:L/PR:N/UI:N) indicates maximum exploitability: network-accessible attack surface with low complexity and zero authentication requirements, enabling any remote attacker to exploit this vulnerability. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario A remote attacker identifies an internet-exposed Borg SPM 2007 installation through banner grabbing or reconnaissance of Taiwan-based organizations. Without any authentication, the attacker sends HTTP requests containing SQL injection payloads in user-controllable parameters such as search fields, login forms, or report generation interfaces. …
Remediation No vendor-released patch identified at time of analysis due to the product's end-of-life status (sales ended 2008). … Detailed patch versions, workarounds, and compensating controls in full report.

Recommended ActionAI

Within 24 hours: Inventory all systems running Borg SPM 2007 and isolate them from production networks or external connectivity; disable remote access if operationally feasible. …

Sign in for detailed remediation steps and compensating controls.

Threat intelligence, references, and detailed analysis are available after sign-in.

Share

CVE-2026-6887 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy