CVE-2026-6887
Published: 23 April 2026
Description
Borg SPM 2007 (Sales Ended in 2008) developed by BorG Technology Corporation has a SQL Injection vulnerability, allowing unauthenticated remote attackers to inject arbitrary SQL commands to read, modify, and delete database contents.
Mitigating Controls (NIST 800-53 r5) (AI)
Directly prevents SQL injection in Borg SPM 2007 by validating and sanitizing unauthenticated remote user inputs before database processing.
Requires timely identification, reporting, and correction of the specific SQL injection flaw (CVE-2026-6887) in Borg SPM 2007.
Prohibits use of unsupported system components like Borg SPM 2007, with sales ended in 2008, eliminating exposure to this vulnerability.
Security Summary (AI)
CVE-2026-6887, published on 2026-04-23, is a SQL injection vulnerability (CWE-89) affecting Borg SPM 2007, a software product developed by BorG Technology Corporation with sales ending in 2008. The flaw enables unauthenticated remote attackers to inject arbitrary SQL commands into the application, potentially compromising the underlying database.
Unauthenticated attackers can exploit this vulnerability remotely over the network with low attack complexity, requiring no privileges or user interaction. Successful exploitation grants high-impact access to read, modify, and delete database contents, reflected in the CVSS 3.1 score of 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).
Advisories from TWCERT/CC detail the vulnerability and mitigation guidance at https://www.twcert.org.tw/en/cp-139-10863-2f48e-2.html and https://www.twcert.org.tw/tw/cp-132-10861-b8709-1.html.
Details
- CWE(s)
MITRE ATT&CK Enterprise Techniques (AI)
Why these techniques?
SQL injection in a public-facing application enables exploitation of remote services (T1190) and data collection/modification from databases (T1213.006).