CVE-2026-6887 affects Borg SPM 2007, a sales management system developed by BorG Technology Corporation (sales ended in 2008). The vulnerability allows unauthenticated remote attackers to perform SQL injection attacks, enabling them to inject arbitrary SQL commands into the database. Attackers can exploit this vulnerability to read sensitive data from the database, modify existing records, or delete database contents entirely. Despite the product being discontinued, systems may still be in use and vulnerable to attack. The vulnerability poses significant risk due to the lack of authentication requirements and the potential for complete database compromise.