CVE-2026-6886
Published: 23 April 2026
Summary
CVE-2026-6886 is a critical-severity Weak Authentication (CWE-1390) vulnerability in Borg SPM 2007, developed by BorG Technology Corporation. Its CVSS base score is 9.8 (Critical).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190). The CVE ranks at the 48.4th percentile by exploit likelihood (below the median) and is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 AC-3 (Access Enforcement) and IA-2 (Identification and Authentication (Organizational Users)).
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)
Directly remediates the authentication bypass flaw in Borg SPM 2007, preventing unauthenticated remote attackers from logging in as any user.
Ensures organizational users are identified and authenticated, countering the vulnerability that allows impersonation without credentials.
Enforces approved access authorizations, blocking unauthorized logical access enabled by the authentication bypass.
MITRE ATT&CK Enterprise Techniques
Why these techniques?
CVE-2026-6886 is a critical authentication bypass in a network-accessible service (AV:N/PR:N), directly enabling T1190 (Exploit Public-Facing Application) for initial access. Successful exploitation lets the attacker impersonate any user, facilitating T1068 (Exploitation for Privilege Escalation) to gain full system control.
NVD Description
Borg SPM 2007 (Sales Ended in 2008) developed by BorG Technology Corporation has an Authentication Bypass vulnerability, allowing unauthenticated remote attackers to log into the system as any user.
Deeper analysis
CVE-2026-6886 is an authentication bypass vulnerability in Borg SPM 2007, a software product developed by BorG Technology Corporation with sales ending in 2008. The flaw, linked to CWE-1390, enables unauthenticated remote attackers to log into the system as any user. It carries a CVSS v3.1 base score of 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H), reflecting its critical severity due to network accessibility, low attack complexity, and lack of prerequisites.
Unauthenticated remote attackers can exploit this vulnerability over the network without privileges or user interaction. Successful exploitation allows an attacker to impersonate any user account, potentially gaining full control of the system, with high impact on confidentiality, integrity, and availability.
Advisories from TWCERT/CC detail the vulnerability at https://www.twcert.org.tw/en/cp-139-10863-2f48e-2.html and https://www.twcert.org.tw/tw/cp-132-10861-b8709-1.html, which security practitioners should consult for mitigation guidance. The vulnerability was published on 2026-04-23T10:16:18.390.
Details
- CWE(s)