EXECUTIVE SUMMARY:
CVE-2026-9862 (CVSS 9.8) is a critical OS command injection flaw in the boks_autoregisterd service of Fortra Core Privileged Access Manager (BoKS), affecting all currently released versions that include the autoregistration component. The vulnerability arises because the service fails to properly neutralize user-supplied input when processing host registration requests, allowing an attacker to embed operating-system commands in the request payload. An unauthenticated adversary who can reach the service on its default TCP port 6507 can send a crafted registration packet, which the service executes with the privileges of the BoKS process; no prior credentials or user interaction are required. Successful exploitation lets the attacker run arbitrary commands on the privileged management host, potentially leading to full system compromise, data alteration, service disruption, lateral movement, privilege escalation, or malware deployment. The business impact includes loss of confidentiality, integrity, and availability of privileged access infrastructure, regulatory non-compliance, and operational downtime. Exploitation is contingent on network exposure of port 6507 to untrusted networks; if the service is firewalled or isolated, the attack vector is mitigated.
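The flaw class described above, unvalidated request fields reaching a shell, is easiest to see as a vulnerable handler beside a hardened one. The following is an added example and not Fortra's code or the real boks_autoregisterd wire format: the helper path `/opt/example/register-host`, the `hostname` field and the dict payload are assumptions, and the request with `; id` is a constructed sample. The hardened path validates the hostname against an RFC 1123 allow-list and executes an argv list with no shell, so a metacharacter can only ever be a literal argument; `shell_metacharacters` is a small detection hook for logging suspicious registration requests.

```python
"""Added example (not Fortra's code): the OS command injection pattern behind an
unauthenticated host-registration service, shown as a vulnerable handler and a
hardened one. Paths, field names and the wire format are assumptions."""
import re
import subprocess

# Placeholder for whatever helper the registration daemon would invoke (assumed).
REGISTER_BIN = "/opt/example/register-host"

# RFC 1123 hostname label: letters, digits and hyphens, not starting or ending with '-'.
_LABEL = r"[A-Za-z0-9](?:[A-Za-z0-9-]{0,61}[A-Za-z0-9])?"
HOSTNAME_RE = re.compile(rf"^{_LABEL}(?:\.{_LABEL})*$")
# Characters a POSIX shell would interpret if the value were spliced into a command line.
SHELL_META = set(";&|`$<>(){}[]\\\"'\n\r\t *?~!#")


def is_valid_hostname(hostname: str) -> bool:
    """Allow-list check: total length and every label must match RFC 1123."""
    return len(hostname) <= 253 and HOSTNAME_RE.fullmatch(hostname) is not None


def shell_metacharacters(value: str) -> set[str]:
    """Shell-significant characters present in an inbound field; useful for
    alerting on registration requests that should never carry them."""
    return {c for c in value if c in SHELL_META}


def vulnerable_command_line(hostname: str) -> str:
    """The flawed pattern: untrusted input spliced into a string that is later
    handed to a shell (system() / shell=True). Returned here, never executed."""
    return f"{REGISTER_BIN} --host {hostname}"


def hardened_argv(hostname: str) -> list[str]:
    """Validate first, then build an argv list so no shell parses the value."""
    if not is_valid_hostname(hostname):
        raise ValueError(f"rejected hostname: {hostname!r}")
    return [REGISTER_BIN, "--host", hostname]


def run_argv(argv: list[str]) -> subprocess.CompletedProcess:
    """Execute without a shell; each argv element reaches the program verbatim."""
    return subprocess.run(argv, shell=False, capture_output=True, text=True, check=False)


def handle_registration(payload: dict) -> list[str]:
    """Hardened request handler for the (assumed) payload shape {"hostname": ...}."""
    hostname = payload.get("hostname", "")
    if not isinstance(hostname, str):
        raise ValueError("hostname must be a string")
    return hardened_argv(hostname)


if __name__ == "__main__":
    good = {"hostname": "web01.example.com"}           # constructed sample request
    bad = {"hostname": "web01.example.com; id"}        # constructed sample, not a real request
    print(vulnerable_command_line(bad["hostname"]))    # a shell would split this on ';'
    print(handle_registration(good))
    try:
        handle_registration(bad)
    except ValueError as err:
        print("blocked:", err, "metachars:", shell_metacharacters(bad["hostname"]))
    # Even if validation were bypassed, argv execution keeps the value literal:
    print(run_argv(["echo", "--host", bad["hostname"]]).stdout.strip())
```

The two defences are deliberately layered: the allow-list rejects anything that is not a hostname, and the argv-based execution means that a validation gap would still not turn into command execution, because nothing ever re-parses the string as shell syntax.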
RECOMMENDATION:
REFERENCES:
The following reports contain further technical details:
https://cybersecuritynews.com/fortra-access-manager-vulnerability/