Home / Vulnerability Intelligence / CVE-2026-6885

CVE-2026-6885 - Vulnerability Analysis

CriticalCVSS: 9.8

Last Updated: April 24, 2026

BorG Technology Corporation Borg SPM - Unrestricted File Upload

Published: April 23, 2026Updated: April 24, 2026Remote Exploitable

Overview

BorG Technology Corporation Borg SPM 2007 contains an unrestricted file upload vulnerability allowing unauthenticated remote attackers to upload and execute web shell backdoors, letting attackers execute arbitrary code on the server, exploit requires no authentication.

Severity & Score

Severity: Critical

CVSS Score: 9.8

EPSS Score: 19.1%(Probability of exploitation in next 30 days)

Impact

Unauthenticated attackers can upload and execute arbitrary code, leading to full server compromise.

Mitigation

Update to the latest available version or apply vendor patches if available.

References

Social Media Activity(1 post)

TheHackerWire

@thehackerwire

Apr 23, 2026

🔴 CVE-2026-6885 - Critical (9.8) Borg SPM 2007 (Sales Ended in 2008) developed by BorG Technology Corporation has an Arbitrary File Upload vulnerability, allowing unauthenticated remote attackers to upload and execute web shell backdoors, thereby enabling arbitrary code execution... 🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-6885/ #CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

View original post

Related Resources

Details

CVE ID: CVE-2026-6885
Severity: Critical
CVSS Score: 9.8
Type: unrestricted_file_upload
Status: unconfirmed
EPSS: 19.1%
Social Posts: 1

CWE

CWE-434

CVSS Metrics

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS Score

19.1%Probability of exploitation in the next 30 days