A critical Fortra BoKS vulnerability has put privileged access servers at risk across Linux and UNIX fleets. Tracked as CVE-2026-9862, the bug carries a CVSS score of 9.8, placing it in the Critical band.
Inside the Autoregistration Flaw
The flaw is an OS command injection weakness in the autoregistration handler of the boks_autoregisterd service: input that the handler accepts over the network reaches a command execution path without being neutralised, so any remote attacker who can reach the service can trigger it.
The attacker can therefore run arbitrary commands, and those commands execute with the privileges of the service itself. No authentication is required, so the barrier to exploitation is low.
This Fortra BoKS vulnerability therefore threatens the very system meant to lock down privileged access. The service listens on port 6507 by default, which gives attackers a well-defined target to scan for.
How to Reduce the Risk
Administrators should act before fixed builds land. First, restrict network access to port 6507 so only trusted hosts can reach the service, and verify the restriction from both a trusted and an untrusted host rather than assuming the rule took effect.
Alternatively, teams can disable the service entirely. To do so, comment out the autoregisterd line in the boksinit master configuration, then signal boks_init to reread the file or restart BoKS. Afterwards, confirm that nothing is still listening on port 6507.
Note that disabling the service removes autoregistration until the line is restored, so keep a backup of the original file. Given the severity, that trade-off is usually acceptable. Fortra has published full remediation steps in its official Fortra BoKS security advisory.
In short, patch as soon as fixed releases arrive. Until then, restricting network access to the port or disabling the service is the strongest protection available.
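The two interim measures above, as an added shell example that is not part of the original article or of Fortra's advisory: one function renders an nftables ruleset that admits only trusted hosts to port 6507 (the assumption that the listener is TCP and the sample addresses are mine), the other comments out the autoregisterd entry in a boksinit master file and keeps a backup. The exact format of that entry, the file name boksinit.master and the script name are assumptions to check against your own installation; the `demo` mode works on a constructed sample file, not a real BoKS configuration.

```shell
#!/usr/bin/env bash
# Added example for the two interim mitigations described above; it is not
# Fortra's code and does not come from the advisory. Assumptions are marked.
set -eu

BOKS_PORT=6507   # default listener port named in the article
# Assumption: the listener is TCP. Confirm on the host with:
#   ss -lnt "sport = :$BOKS_PORT"

# Mitigation 1: emit an nftables ruleset that lets only trusted hosts reach
# the port and drops (and counts) everything else. Review the text, then load
# it with `nft -f <file>`; a separate table keeps it independent of existing
# firewall rules. $1 is a space-separated list of IPv4 addresses or CIDRs
# (the addresses in the usage lines below are constructed, not real hosts).
boks_nft_rules() {
  hosts=$1
  elems=$(printf '%s, ' $hosts)   # unquoted on purpose: split on spaces
  elems=${elems%, }
  cat <<EOF
table inet boks_autoreg {
  set trusted {
    type ipv4_addr
    flags interval
    elements = { ${elems} }
  }
  chain input {
    type filter hook input priority -10; policy accept;
    tcp dport ${BOKS_PORT} ip saddr @trusted accept
    tcp dport ${BOKS_PORT} counter drop
  }
}
EOF
}

# Mitigation 2: comment out the autoregisterd entry in the boksinit master
# file, keeping a backup so the line can be restored later. Assumption: the
# entry is a line that starts with "autoregisterd" or "boks_autoregisterd"
# (the article names the line but not its format); check your file first.
# Lines that are already commented are left alone. Afterwards signal
# boks_init to reread the file or restart BoKS, as the article describes.
disable_autoregisterd() {
  cfg=$1
  cp -p "$cfg" "$cfg.bak"
  sed -E 's/^([[:space:]]*)(boks_autoregisterd|autoregisterd)([[:space:]].*)?$/\1#\2\3/' \
      "$cfg" > "$cfg.tmp"
  mv "$cfg.tmp" "$cfg"
  echo "edited $cfg (backup: $cfg.bak); now signal boks_init or restart BoKS"
}

# Post-change check: exit status 0 if anything still listens on the port.
boks_port_listening() {
  ss -lnt "sport = :$BOKS_PORT" | grep -q ":$BOKS_PORT"
}

# Usage (saved as boks-mitigate.sh, a name chosen here; nothing runs without
# an argument):
#   ./boks-mitigate.sh rules "10.0.0.10 10.0.1.0/24" > boks.nft && nft -f boks.nft
#   ./boks-mitigate.sh disable /path/to/boksinit.master    # your path; assumed name
#   ./boks-mitigate.sh demo                                # constructed sample only
case ${1:-} in
  rules)   boks_nft_rules "$2" ;;
  disable) disable_autoregisterd "$2" ;;
  demo)    d=$(mktemp -d)   # constructed sample, not a real BoKS file
           printf 'servc\nautoregisterd\nbridge\n' > "$d/boksinit.master"
           disable_autoregisterd "$d/boksinit.master"
           cat "$d/boksinit.master"
           boks_nft_rules "10.0.0.10 10.0.1.0/24" ;;
esac
```

The ruleset uses its own table so it can be loaded and removed (`nft delete table inet boks_autoreg`) without touching the rest of the host firewall; the `counter` on the drop rule gives you a quick way to see whether untrusted hosts are still probing the port. Load the rules and run the listener check from a host outside the trusted set as well as from one inside it.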