CVE-2026-6885

CRITICAL

BorG Technology Corporation｜Borg SPM 2007 - Arbitrary File Upload

Title source: cna

Description

Borg SPM 2007 (Sales Ended in 2008) developed by BorG Technology Corporation has an Arbitrary File Upload vulnerability, allowing unauthenticated remote attackers to upload and execute web shell backdoors, thereby enabling arbitrary code execution on the server.

References (2)

[Third Party Advisory] https://www.twcert.org.tw/tw/cp-132-10861-b8709-1.html

[Third Party Advisory] https://www.twcert.org.tw/en/cp-139-10863-2f48e-2.html

Scores

CVSS v3 9.8

EPSS 0.0025

EPSS Percentile 48.5%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment

Exploitation none

Automatable yes

Technical Impact total

Details

CWE

CWE-434

Status published

Products (1)

BorG Technology Corporation/Borg SPM 2007

Published Apr 23, 2026

Tracked Since Apr 23, 2026