| TVN ID | TVN-202604009 |
|---|---|
| CVE ID | CVE-2026-6885, CVE-2026-6886, CVE-2026-6887 |
| CVSS | 【CVE-2026-6885】 9.8 (Critical) CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 【CVE-2026-6886】 9.8 (Critical) CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 【CVE-2026-6887】 9.8 (Critical) CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
| Affected Products | Borg SPM 2007(Sales Ended in 2008) |
| Description | 【CVE-2026-6885(Arbitrary File Upload)】 Unauthenticated remote attackers can upload and execute web shell backdoors, thereby enabling arbitrary code execution on the server. 【CVE-2026-6886(Authentication Bypass)】 Unauthenticated remote attackers can log into the system as any user. 【CVE-2026-6887(SQL Injection)】 Unauthenticated remote attackers can inject arbitrary SQL commands to read, modify, and delete database contents. |
| Solution | Regardless of the current system version, customers with active maintenance contracts are advised to contact the vendor for patching assistance or upgrade to the latest version (SPM2025 SP1 has successfully passed source code security audits). |
| Credit | Xin Yu Lin(DEVCORE) |
| Public Date | 2026-04-23 |
:::