Home / Vulnerability Intelligence / CVE-2026-6885

CVE-2026-6885 - Vulnerability Analysis

CriticalCVSS: 9.8

Last Updated: April 23, 2026

BorG Technology Corporation Borg SPM - Unrestricted File Upload

Published: April 23, 2026Updated: April 23, 2026Remote Exploitable

Overview

BorG Technology Corporation Borg SPM 2007 contains an unrestricted file upload vulnerability allowing unauthenticated remote attackers to upload and execute web shell backdoors, letting attackers execute arbitrary code on the server, exploit requires no authentication.

Severity & Score

Severity: Critical

CVSS Score: 9.8

Impact

Unauthenticated attackers can upload and execute arbitrary code, leading to full server compromise.

Mitigation

Update to the latest available version or apply vendor patches if available.

References

https://www.twcert.org.tw/tw/cp-132-10861-b8709-1.html
https://www.twcert.org.tw/en/cp-139-10863-2f48e-2.html

Related Resources

Vulnerability Intelligence Dashboard
Credential Scanner

Details

CVE ID: CVE-2026-6885
Severity: Critical
CVSS Score: 9.8
Type: unrestricted_file_upload
Status: new

CWE

CWE-434

CVSS Metrics

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H