CVE-2026-6885: CWE-434 Unrestricted upload of file with dangerous type in BorG Technology Corporation Borg SPM 2007
Borg SPM 2007 (Sales Ended in 2008) developed by BorG Technology Corporation has an Arbitrary File Upload vulnerability, allowing unauthenticated remote attackers to upload and execute web shell backdoors, thereby enabling arbitrary code execution on the server.
AI Analysis
Technical Summary
CVE-2026-6885 describes an arbitrary file upload vulnerability (CWE-434) in BorG Technology Corporation's Borg SPM 2007 product. This vulnerability permits unauthenticated remote attackers to upload files of dangerous types, such as web shells, which can be executed on the server to achieve arbitrary code execution. The product was discontinued in 2008, and no official remediation or patch is available. The vulnerability is rated critical with a CVSS 4.0 score of 9.3, reflecting network attack vector, no privileges required, no user interaction, and high impact on confidentiality, integrity, and availability.
Potential Impact
Successful exploitation allows unauthenticated attackers to upload and execute arbitrary code on the server hosting Borg SPM 2007. This can lead to full compromise of the affected system, including unauthorized access, data theft, and disruption of services. Given the lack of patch and the product's end-of-life status, affected systems remain vulnerable unless mitigated by other means.
Mitigation Recommendations
No official patch or remediation is available due to the product being discontinued since 2008. Users of Borg SPM 2007 should discontinue use of this software or isolate affected systems from untrusted networks to prevent exploitation. Consider migrating to supported and actively maintained software solutions. Monitor for any unusual activity on systems still running this product.
CVE-2026-6885: CWE-434 Unrestricted upload of file with dangerous type in BorG Technology Corporation Borg SPM 2007
Description
Borg SPM 2007 (Sales Ended in 2008) developed by BorG Technology Corporation has an Arbitrary File Upload vulnerability, allowing unauthenticated remote attackers to upload and execute web shell backdoors, thereby enabling arbitrary code execution on the server.
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
CVE-2026-6885 describes an arbitrary file upload vulnerability (CWE-434) in BorG Technology Corporation's Borg SPM 2007 product. This vulnerability permits unauthenticated remote attackers to upload files of dangerous types, such as web shells, which can be executed on the server to achieve arbitrary code execution. The product was discontinued in 2008, and no official remediation or patch is available. The vulnerability is rated critical with a CVSS 4.0 score of 9.3, reflecting network attack vector, no privileges required, no user interaction, and high impact on confidentiality, integrity, and availability.
Potential Impact
Successful exploitation allows unauthenticated attackers to upload and execute arbitrary code on the server hosting Borg SPM 2007. This can lead to full compromise of the affected system, including unauthorized access, data theft, and disruption of services. Given the lack of patch and the product's end-of-life status, affected systems remain vulnerable unless mitigated by other means.
Mitigation Recommendations
No official patch or remediation is available due to the product being discontinued since 2008. Users of Borg SPM 2007 should discontinue use of this software or isolate affected systems from untrusted networks to prevent exploitation. Consider migrating to supported and actively maintained software solutions. Monitor for any unusual activity on systems still running this product.
Technical Details
- Data Version
- 5.2
- Assigner Short Name
- twcert
- Date Reserved
- 2026-04-23T02:43:16.164Z
- Cvss Version
- 4.0
- State
- PUBLISHED
- Remediation Level
- null
Threat ID: 69e9eb8887115cfb68f9fc51
Added to database: 4/23/2026, 9:51:04 AM
Last enriched: 4/23/2026, 10:06:26 AM
Last updated: 4/24/2026, 6:07:57 AM
Views: 11
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.