CyberIntel ⬡ News
★ Saved ◆ Cyber Reads
← Back ◇ Industry News & Leadership Jun 17, 2026

Fortra Access Manager Vulnerability Enables Remote Command Injection Attacks

Cybersecurity News Archived Jun 17, 2026 ✓ Full text saved

Fortra has disclosed a critical security vulnerability in its Core Privileged Access Manager (BoKS) that could allow remote attackers to execute arbitrary commands on affected systems. CVE-2026-9862 is a critical OS command injection (CWE-78) flaw in the boks_autoregisterd service, carrying a CVSS 9.8 severity rating. It exists within the autoregistration functionality of BoKS, a component […] The post Fortra Access Manager Vulnerability Enables Remote Command Injection Attacks appeared first on

Full text archived locally
✦ AI Summary · Claude Sonnet


    Discover more Malware detection software Cyberattack prevention guide Threat intelligence platform HomeCyber Security News Fortra Access Manager Vulnerability Enables Remote Command Injection Attacks By Abinaya June 17, 2026 Fortra has disclosed a critical security vulnerability in its Core Privileged Access Manager (BoKS) that could allow remote attackers to execute arbitrary commands on affected systems. CVE-2026-9862 is a critical OS command injection (CWE-78) flaw in the boks_autoregisterd service, carrying a CVSS 9.8 severity rating. It exists within the autoregistration functionality of BoKS, a component that automatically registers hosts in the privileged access management environment. Due to improper neutralization of user-supplied input, attackers can craft malicious requests that inject operating system commands during the autoregistration process. Security researchers identified that the vulnerable service listens on TCP port 6507 by default, making it reachable over the network in many deployments. Fortra Access Manager Vulnerability An unauthenticated attacker with network access to this service can exploit the flaw without requiring user interaction or prior privileges. Successful exploitation enables the execution of arbitrary commands with the service’s privileges, which can lead to full system compromise, data manipulation, or service disruption. Given the critical nature of the flaw and the lack of authentication requirements, it poses a significant risk to organizations that rely on BoKS for privileged access management. Attackers could potentially leverage this weakness to move laterally across networks, escalate privileges, or deploy malware. Fortra has acknowledged the issue and provided temporary mitigation measures while security updates are being prepared. Organizations are strongly advised to restrict network access to the boks_autoregisterd service, particularly limiting exposure of port 6507 to untrusted networks. This can be achieved through firewall rules or network segmentation. According to Fortra advisory FI-2026-007, the vulnerability was identified on May 27, 2026, and publicly disclosed on June 15, 2026. As an additional workaround, administrators can turn off the vulnerable service entirely. This involves modifying the boksinit configuration file on the BoKS Master system by commenting out the autoregisterd service entry. After updating the configuration, the service manager must be reloaded, or the BoKS service restarted to apply the changes. While this mitigation prevents exploitation, it also turns off autoregistration until the configuration is restored. Security teams should monitor their environments for any unusual activity associated with the autoregistration service, including unexpected command execution or suspicious network traffic targeting port 6507. Applying vendor patches as soon as they become available is critical to remediate the risk fully. The disclosure of CVE-2026-9862 underscores the ongoing risks posed by exposed management services. It underscores the importance of secure coding practices, particularly input validation, to prevent command injection vulnerabilities. CISO & Security Leaders: Your next breach may not have a face. Join ISC2’s LIVE webinar, “Ghost in the Machine” – Book Your Spot Here Tags cyber security cyber security news Copy URL Linkedin Twitter ReddIt Telegram Abinayahttps://cybersecuritynews.com/ Abi is a Security Editor and fellow reporter with Cyber Security News. She is covering various cyber security incidents happening in the Cyber Space. Trending News Malicious npm Campaign Steals SSH Keys, API Tokens, Cloud Credentials, and Wallet Secrets Using Real-Time Network Monitoring to Spot Suspicious Application Behavior on macOS UNC3753 Uses Screen-Sharing Sessions and RMM Tools to Exfiltrate Sensitive Legal Data Infinite Campus Data Breach Exposes 137,000 Users Personal Details Windows Collaborative Translation Framework 0-Day Vulnerability Allows Privilege Escalation Latest News Cyber Security U.S. Commerce Dept Imposes Export Controls on Anthropic’s Claude Mythos 5 and Fable 5 Cyber Security Hackers Compromised 140+ Mastra npm Packages to Deploy Password-Stealing Malware Cyber Security AIRecon: AI-Powered Penetration Testing Tool with Kali Linux Sandbox Cyber Security News Critical LiteLLM Flaw Allows Authentication Bypass via Host Header Injection Chrome Critical Chrome Vulnerabilities Allow Attackers to Execute Arbitrary Code – Update Now!
    💬 Team Notes
    Article Info
    Source
    Cybersecurity News
    Category
    ◇ Industry News & Leadership
    Published
    Jun 17, 2026
    Archived
    Jun 17, 2026
    Full Text
    ✓ Saved locally
    Open Original ↗