Description
Fortra's 
Core Privileged Access Manager (BoKS) contains an OS command injection vulnerability in the boks_autoregisterd service. A remote attacker with network access to the service may be able to cause commands to be executed with the privileges of the service during the autoregistration processing.
Published: 2026-06-15
Score: 9.8 Critical
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

Fortra's Core Privileged Access Manager (BoKS) contains an unmanaged OS command injection flaw in its autoregistration daemon (boks_autoregisterd). During autoregistration request processing, a remote attacker can supply crafted input that is forwarded directly to the operating system shell, allowing arbitrary commands to execute with the privileges of the daemon. Because the daemon runs with full system privileges, the flaw permits complete compromise of confidentiality, integrity, and availability of the BoKS host. The likely attack vector is over the network to the service’s default listening port, although the transport protocol is not explicitly stated—TCP is presumed due to the default port designation.

Affected Systems

The vulnerability affects all installations of Fortra Core Privileged Access Manager (BoKS) running any build older than boks-server 8.1.0.23 or 9.0.0.5. It resides in the boks_autoregisterd service, which listens on TCP port 6507 by default, and is present across all supported series prior to those patch releases.

Risk and Exploitability

The CVSS base score of 9.8 classifies the issue as critical severity. The EPSS score is below 1%, indicating that exploitation is presently rare, and it is not listed in CISA KEV. Nonetheless, exploitation requires only network reachability to the autoregistration service; no additional prerequisites are documented. Once accessed, the attacker can run system‑level commands, effectively gaining full control of the target. Due to the severe potential impact, the bug represents a high‑priority risk that must be mitigated promptly even if current exploitation rates are low.

Generated by OpenCVE AI on June 18, 2026 at 01:21 UTC.

Remediation

Vendor Solution

Upgrade to boks-server 8.1.0.23 or 9.0.0.5.


Vendor Workaround

Restrict network access to boks_autoregisterd, which listens on port 6507 by default, until fixed builds are deployed.  Another workaround for both boks-server 8.1 and 9.0 is to disable the service in the boksinit configuration. On the BoKS Master, edit $BOKS_var/internal/boksinit/master  and comment out the line  `autoregisterd:300:1:0:respawn::$BOKS_lib/boks_autoregisterd -xn`  by prefixing it with  `#`;  then make boks_init reread the file, for example by running  `kill -HUP $(cat $BOKS_var/run/boks_init)`,  or restart BoKS. This stops boks_autoregisterd and prevents it from being respawned; autoregistration is unavailable until the row is restored.


OpenCVE Recommended Actions

  • Apply the vendor patch by upgrading to boks-server 8.1.0.23 or 9.0.0.5, which contains the fix for the command injection issue.
  • Until the patched version is available, restrict inbound traffic to the boks_autoregisterd service on port 6507 by employing firewall rules or network segmentation to limit access to trusted hosts only.
  • As a temporary workaround, disable the autoregistration daemon by editing the boksinit master configuration file, commenting out the autoregisterd line, and reloading or restarting BoKS, which stops the vulnerable service from running.

Generated by OpenCVE AI on June 18, 2026 at 01:21 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Tue, 23 Jun 2026 21:30:00 +0000

Type Values Removed Values Added
First Time appeared Fortra
Fortra core Privileged Access Manager (boks)
Vendors & Products Fortra
Fortra core Privileged Access Manager (boks)

Mon, 15 Jun 2026 16:30:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Mon, 15 Jun 2026 16:00:00 +0000

Type Values Removed Values Added
Description Fortra's  Core Privileged Access Manager (BoKS) contains an OS command injection vulnerability in the boks_autoregisterd service. A remote attacker with network access to the service may be able to cause commands to be executed with the privileges of the service during the autoregistration processing.
Title Core Privileged Access Manager (BoKS) autoregistration service command injection vulnerability
Weaknesses CWE-78
References
Metrics cvssV3_1

{'score': 9.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H'}


Subscriptions

Fortra Core Privileged Access Manager (boks)
cve-icon MITRE

Status: PUBLISHED

Assigner: Fortra

Published:

Updated: 2026-06-15T16:09:28.297Z

Reserved: 2026-05-28T16:37:50.792Z

Link: CVE-2026-9862

cve-icon Vulnrichment

Updated: 2026-06-15T16:09:23.776Z

cve-icon NVD

Status : Awaiting Analysis

Published: 2026-06-15T16:16:35.357

Modified: 2026-06-15T21:01:58.873

Link: CVE-2026-9862

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-06-23T21:08:56Z

Weaknesses
  • CWE-78

    Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')