Cybersecurity NewsArchived Jun 17, 2026✓ Full text saved
Fortra has disclosed a critical security vulnerability in its Core Privileged Access Manager (BoKS) that could allow remote attackers to execute arbitrary commands on affected systems. CVE-2026-9862 is a critical OS command injection (CWE-78) flaw in the boks_autoregisterd service, carrying a CVSS 9.8 severity rating. It exists within the autoregistration functionality of BoKS, a component […] The post Fortra Access Manager Vulnerability Enables Remote Command Injection Attacks appeared first on
Full text archived locally
✦ AI Summary· Claude Sonnet
Discover more
Malware detection software
Cyberattack prevention guide
Threat intelligence platform
HomeCyber Security News
Fortra Access Manager Vulnerability Enables Remote Command Injection Attacks
By Abinaya
June 17, 2026
Fortra has disclosed a critical security vulnerability in its Core Privileged Access Manager (BoKS) that could allow remote attackers to execute arbitrary commands on affected systems.
CVE-2026-9862 is a critical OS command injection (CWE-78) flaw in the boks_autoregisterd service, carrying a CVSS 9.8 severity rating.
It exists within the autoregistration functionality of BoKS, a component that automatically registers hosts in the privileged access management environment.
Due to improper neutralization of user-supplied input, attackers can craft malicious requests that inject operating system commands during the autoregistration process.
Security researchers identified that the vulnerable service listens on TCP port 6507 by default, making it reachable over the network in many deployments.
Fortra Access Manager Vulnerability
An unauthenticated attacker with network access to this service can exploit the flaw without requiring user interaction or prior privileges.
Successful exploitation enables the execution of arbitrary commands with the service’s privileges, which can lead to full system compromise, data manipulation, or service disruption.
Given the critical nature of the flaw and the lack of authentication requirements, it poses a significant risk to organizations that rely on BoKS for privileged access management.
Attackers could potentially leverage this weakness to move laterally across networks, escalate privileges, or deploy malware.
Fortra has acknowledged the issue and provided temporary mitigation measures while security updates are being prepared.
Organizations are strongly advised to restrict network access to the boks_autoregisterd service, particularly limiting exposure of port 6507 to untrusted networks. This can be achieved through firewall rules or network segmentation.
According to Fortra advisory FI-2026-007, the vulnerability was identified on May 27, 2026, and publicly disclosed on June 15, 2026.
As an additional workaround, administrators can turn off the vulnerable service entirely. This involves modifying the boksinit configuration file on the BoKS Master system by commenting out the autoregisterd service entry.
After updating the configuration, the service manager must be reloaded, or the BoKS service restarted to apply the changes. While this mitigation prevents exploitation, it also turns off autoregistration until the configuration is restored.
Security teams should monitor their environments for any unusual activity associated with the autoregistration service, including unexpected command execution or suspicious network traffic targeting port 6507.
Applying vendor patches as soon as they become available is critical to remediate the risk fully.
The disclosure of CVE-2026-9862 underscores the ongoing risks posed by exposed management services. It underscores the importance of secure coding practices, particularly input validation, to prevent command injection vulnerabilities.
CISO & Security Leaders: Your next breach may not have a face. Join ISC2’s LIVE webinar, “Ghost in the Machine” – Book Your Spot Here
Tags
cyber security
cyber security news
Copy URL
Linkedin
Twitter
ReddIt
Telegram
Abinayahttps://cybersecuritynews.com/
Abi is a Security Editor and fellow reporter with Cyber Security News. She is covering various cyber security incidents happening in the Cyber Space.
Trending News
Malicious npm Campaign Steals SSH Keys, API Tokens, Cloud Credentials, and Wallet Secrets
Using Real-Time Network Monitoring to Spot Suspicious Application Behavior on macOS
UNC3753 Uses Screen-Sharing Sessions and RMM Tools to Exfiltrate Sensitive Legal Data
Infinite Campus Data Breach Exposes 137,000 Users Personal Details
Windows Collaborative Translation Framework 0-Day Vulnerability Allows Privilege Escalation
Latest News
Cyber Security
U.S. Commerce Dept Imposes Export Controls on Anthropic’s Claude Mythos 5 and Fable 5
Cyber Security
Hackers Compromised 140+ Mastra npm Packages to Deploy Password-Stealing Malware
Cyber Security
AIRecon: AI-Powered Penetration Testing Tool with Kali Linux Sandbox
Cyber Security News
Critical LiteLLM Flaw Allows Authentication Bypass via Host Header Injection
Chrome
Critical Chrome Vulnerabilities Allow Attackers to Execute Arbitrary Code – Update Now!