Description
Borg SPM 2007 (Sales Ended in 2008) developed by BorG Technology Corporation has a Authentication Bypass vulnerability, allowing unauthenticated remote attackers to log into the system as any user.
Published: 2026-04-23
Score: 9.3 Critical
EPSS: < 1% Very Low
KEV: No
Impact: Authentication Bypass
Action: Immediate Patch
AI Analysis

Impact

Borg SPM 2007 contains an authentication bypass flaw that allows an unauthenticated attacker to log in as any user on the system. The vulnerability enables fully privileged access without the need to supply valid credentials, potentially exposing sensitive data, configuration files, and administrative controls. The weakness is identified as CWE-1390, indicating a flaw in the authentication mechanism.

Affected Systems

The product is Borg SPM 2007 from BorG Technology Corporation. The system was sold until 2008, and no specific sub‑versions are mentioned beyond the product name. No affected version list is available.

Risk and Exploitability

The CVSS score of 9.3 classifies the flaw as Critical, and the EPSS score of less than 1% suggests a very low probability of widespread exploitation at present. The vulnerability is not listed in the CISA KEV catalog. The attack vector is remote and unauthenticated, meaning that an attacker requires only network access to the service to attempt a login bypass. If successful, the attacker can act with the privileges of the account that is injected.

Generated by OpenCVE AI on April 28, 2026 at 14:56 UTC.

Remediation

Vendor Solution

Regardless of the current system version, customers with active maintenance contracts are advised to contact the vendor for patching assistance or upgrade to the latest version (SPM2025 SP1 has successfully passed source code security audits).

OpenCVE Recommended Actions

  • Contact the vendor for patching assistance or upgrade to the latest version SPM2025 SP1
  • Restrict remote access to the Borg SPM 2007 system using firewall rules to limit connections to trusted hosts
  • Enable logging and monitor for suspicious login attempts or anomalous authentication activity

Generated by OpenCVE AI on April 28, 2026 at 14:56 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Tue, 28 Apr 2026 09:45:00 +0000

Type Values Removed Values Added
First Time appeared Borg Technology Corporation
Borg Technology Corporation borg Spm 2007
Vendors & Products Borg Technology Corporation
Borg Technology Corporation borg Spm 2007

Thu, 23 Apr 2026 13:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}

Thu, 23 Apr 2026 10:00:00 +0000

Type Values Removed Values Added
Description Borg SPM 2007 (Sales Ended in 2008) developed by BorG Technology Corporation has a Authentication Bypass vulnerability, allowing unauthenticated remote attackers to log into the system as any user.
Title BorG Technology Corporation|Borg SPM 2007 - Authentication Bypass
Weaknesses CWE-1390
References
Metrics cvssV3_1

{'score': 9.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H'}

cvssV4_0

{'score': 9.3, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N'}

Subscriptions

Borg Technology Corporation Borg Spm 2007
cve-icon MITRE

Status: PUBLISHED

Assigner: twcert

Published:

Updated: 2026-04-23T12:15:44.087Z

Reserved: 2026-04-23T02:43:17.685Z

Link: CVE-2026-6886

cve-icon Vulnrichment

Updated: 2026-04-23T12:15:39.227Z

cve-icon NVD

Status : Deferred

Published: 2026-04-23T10:16:18.390

Modified: 2026-05-19T15:52:30.143

Link: CVE-2026-6886

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-04-28T15:00:14Z

Weaknesses