CVE-2026-6887 -- CVSS 9.8 Vulnerability Briefing
CVE-2026-6887 | CVSS 9.8 (Critical) | Exploit: No known exploit
What Is It
CVE-2026-6887 is a SQL injection vulnerability in Borg SPM 2007, a Sales Performance Management application developed by BorG Technology Corporation, which reached end-of-sale in 2008 and is no longer supported.
Technical Detail
The vulnerability exists in Borg SPM 2007 due to insufficient sanitization of user-supplied input passed to backend SQL queries. A remote attacker can inject arbitrary SQL commands without any prior authentication, enabling unauthorized reading and modification of database contents. Depending on the database server's configuration and permissions, exploitation could extend to full data exfiltration, data manipulation, or potentially operating-system-level command execution via database-native features such as xp_cmdshell or similar mechanisms.
Exploitation Status
No known exploit code has been identified at this time, and this CVE is not currently listed in the CISA Known Exploited Vulnerabilities catalog. Exploit maturity is rated "no known exploit", meaning no public proof-of-concept or confirmed in-the-wild exploitation has been documented as of April 30, 2026. However, SQL injection vulnerabilities of this class are well understood and trivial to develop exploits for, which lowers the practical barrier to exploitation.
Who Is Targeting This
No specific threat actor attribution at this time. No campaigns or targeted sectors have been associated with this vulnerability in available intelligence. Given the product reached end-of-sale in 2008, any remaining deployments represent legacy infrastructure that may attract opportunistic attackers scanning for unpatched legacy systems.
What To Do
BorG Technology Corporation ended sales of Borg SPM 2007 in 2008, and no vendor patch or security update is expected. Organizations still running this software should treat it as unsupported legacy software and prioritize immediate decommissioning or migration to a supported alternative. If decommissioning is not immediately feasible, isolate the application from public-facing network access using firewall rules or network segmentation, and place it behind authenticated access controls to reduce the unauthenticated attack surface. Deploy a web application firewall with SQL injection detection rules as a compensating control. Audit database accounts associated with this application and apply least-privilege principles to limit the impact of any successful injection. Conduct a review of database logs for anomalous query patterns that may indicate prior exploitation attempts.
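As an added illustration of the log-review step above (this is example code, not part of the briefing or the vendor's tooling): a small Python scanner that walks constructed query-log lines and flags the statement patterns an injection against this vulnerability class typically leaves behind, including the xp_cmdshell reach-through the briefing warns about. The log layout (timestamp | login | statement), the login name spm_app and the table names are assumptions for the sample only.

```python
import re

# Constructed sample query-log lines; the "timestamp | login | statement" layout is an assumption.
SAMPLE_LOG = """\
2026-04-30T10:01:02Z | spm_app | SELECT name, quota FROM reps WHERE region = 'EMEA'
2026-04-30T10:01:09Z | spm_app | SELECT name, quota FROM reps WHERE region = 'EMEA' OR 1=1 --'
2026-04-30T10:01:15Z | spm_app | SELECT name FROM reps WHERE id = 7; EXEC master..xp_cmdshell 'whoami' --
2026-04-30T10:02:30Z | spm_app | SELECT name, quota FROM reps WHERE region = 'EMEA' UNION SELECT login, password FROM users
2026-04-30T10:03:00Z | spm_app | UPDATE reps SET quota = 1200 WHERE id = 42
2026-04-30T10:03:21Z | spm_app | SELECT 1 FROM reps WHERE id = 7 AND (SELECT COUNT(*) FROM sysobjects) > 0 WAITFOR DELAY '0:0:5'
"""

# Each rule: name, compiled pattern, and why it matters for an unauthenticated SQLi in a legacy app.
RULES = [
    ("tautology", re.compile(r"\bOR\s+\d+\s*=\s*\d+", re.I), "always-true clause appended to a filter"),
    ("comment-truncation", re.compile(r"--|/\*"), "trailing comment discarding the rest of the query"),
    ("stacked-query", re.compile(r";\s*(EXEC|INSERT|UPDATE|DELETE|DROP)\b", re.I), "second statement after the original"),
    ("os-command", re.compile(r"xp_cmdshell|sp_oacreate", re.I), "database feature that reaches the operating system"),
    ("union-read", re.compile(r"\bUNION\s+(ALL\s+)?SELECT\b", re.I), "cross-table read bolted onto a legitimate query"),
    ("time-based", re.compile(r"WAITFOR\s+DELAY", re.I), "delay used to confirm blind injection"),
]


def parse_line(line):
    """Split one log line into (timestamp, login, statement); the statement may itself contain '|'."""
    ts, login, stmt = (part.strip() for part in line.split("|", 2))
    return ts, login, stmt


def scan_log(text):
    """Return one finding per log line that matches at least one rule, in log order."""
    findings = []
    for raw in text.splitlines():
        if not raw.strip():
            continue
        ts, login, stmt = parse_line(raw)
        hits = [name for name, rx, _ in RULES if rx.search(stmt)]
        if hits:
            findings.append({"time": ts, "login": login, "rules": hits, "statement": stmt})
    return findings


if __name__ == "__main__":
    for f in scan_log(SAMPLE_LOG):
        print(f"{f['time']} {f['login']} [{', '.join(f['rules'])}] {f['statement']}")
```

Point the scanner at the database server's own statement log (or an exported trace) for the application's login; a hit on os-command or stacked-query against an account that only needs SELECT is also a direct measure of how far the least-privilege audit still has to go.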