
Borg SPM 2007 · EUVD-2026-25211

CVE-2026-6886 CRITICAL
Weak Authentication (CWE-1390)
2026-04-23 twcert GHSA-qxgc-wc3f-24c9
9.3
CVSS 4.0 · NVD

Severity by source

NVD PRIMARY
9.3 CRITICAL
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Primary rating from NVD · only source for this CVE.

CVSS Vector (NVD)

Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: X

Lifecycle Timeline (6 events)

Re-analysis Queued · Apr 24, 2026 - 14:52 · vuln.today · cvss_changed
Analysis Generated · Apr 23, 2026 - 10:30 · vuln.today
CVSS changed · Apr 23, 2026 - 10:22 · NVD · 9.8 (CRITICAL) → 9.3 (CRITICAL)
EUVD ID Assigned · Apr 23, 2026 - 10:00 · euvd · EUVD-2026-25211
Analysis Generated · Apr 23, 2026 - 10:00 · vuln.today
CVE Published · Apr 23, 2026 - 09:25 · nvd · CRITICAL 9.3

Description (CVE.org)

Borg SPM 2007 (Sales Ended in 2008) developed by BorG Technology Corporation has an Authentication Bypass vulnerability, allowing unauthenticated remote attackers to log into the system as any user.

Analysis (AI)

Authentication bypass in Borg SPM 2007 allows remote unauthenticated attackers to impersonate any user and gain complete system access without credentials. This discontinued product (sales ended 2008) presents maximum network exposure (CVSS:4.0 9.3, AV:N/AC:L/PR:N) with trivial exploitation conditions. …

Attack Chain (AI, derived)

Hypothetical attack flow derived from CVE metadata

Access: Identify internet-exposed Borg SPM 2007 instance
Delivery: Send crafted authentication bypass request
Exploit: Gain unauthorized access as target user
Execution: Access sensitive sales/customer data
Impact: Establish persistence or pivot to other systems

Vulnerability Assessment (AI)

Exploitation: No special conditions; remote unauthenticated exploitation against default configurations of Borg SPM 2007. …
Risk Assessment: The CVSS 4.0 score of 9.3 reflects maximum network exploitability (AV:N/AC:L/PR:N/UI:N) with high confidentiality, integrity, and availability impact on the vulnerable system. …
Exploit Scenario: An unauthenticated remote attacker identifies an internet-facing Borg SPM 2007 instance through banner grabbing or web application fingerprinting. The attacker crafts HTTP requests that bypass authentication checks entirely, gaining immediate access to the application as an administrative or privileged user without providing any credentials. …
Remediation: No vendor-released patch exists or will be developed for this end-of-life product discontinued in 2008. …

Recommended Action (AI)

Within 24 hours: Conduct inventory scan to identify any Borg SPM 2007 instances on the network and document business justification for continued operation. …
