A critical vulnerability has been identified in Fortra BoKS, tracked as CVE-2026-9862, exposing privileged access servers in Linux and UNIX systems. The flaw, an OS command injection within the autoregistration handler, allows unauthenticated remote attackers to execute arbitrary commands with elevated privileges. The service listens on port 6507, so the flaw is reachable by anything that can connect to that port.
To mitigate risks, administrators are advised to restrict access to this port or disable the service by modifying the configuration file. Until fixed releases are available, these measures are crucial for protection.
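One way to apply the port restriction on a Linux host, as an added example that is not from the advisory or from Fortra: a POSIX shell script that generates an nftables ruleset allowing port 6507 only from an allowlist of administrative hosts, logging and dropping every other inbound attempt. It assumes the service uses TCP, an IPv4 allowlist, and the constructed sample addresses shown; the table and chain names (`boks_guard`, `input`) and all function names are mine.

```shell
#!/bin/sh
# Added example, not from the advisory or Fortra. Builds an nftables ruleset
# that permits TCP 6507 (TCP is an assumption) only from an IPv4 allowlist,
# logs and drops all other inbound attempts, and can load it atomically.
BOKS_PORT=6507

# boks_ruleset ALLOWLIST
#   ALLOWLIST: space-separated IPv4 CIDRs. Prints a complete nft ruleset.
#   The create+flush prefix makes repeated loads replace, not append, rules.
boks_ruleset() {
    printf 'table inet boks_guard {}\n'
    printf 'flush table inet boks_guard\n'
    printf 'table inet boks_guard {\n'
    printf '  chain input {\n'
    printf '    type filter hook input priority 0; policy accept;\n'
    for cidr in $1; do
        printf '    tcp dport %s ip saddr %s accept\n' "$BOKS_PORT" "$cidr"
    done
    # Log before dropping so denied attempts show up in the kernel log / SIEM.
    printf '    tcp dport %s log prefix "boks-6507-denied: " drop\n' "$BOKS_PORT"
    printf '  }\n'
    printf '}\n'
}

# boks_accept_count ALLOWLIST: number of accept rules the ruleset would carry.
boks_accept_count() {
    boks_ruleset "$1" | grep -c ' accept$'
}

# boks_check_allowlist ALLOWLIST: refuse an empty list, which would lock out
# the administrative hosts along with everyone else.
boks_check_allowlist() {
    [ -n "$1" ]
}

# boks_apply ALLOWLIST: load the ruleset (requires root and the nft binary).
boks_apply() {
    boks_check_allowlist "$1" || return 1
    boks_ruleset "$1" | nft -f -
}

if [ "${1:-}" = "--demo" ]; then
    ADMIN_HOSTS="10.0.0.5/32 10.0.1.0/24"   # constructed sample addresses
    boks_ruleset "$ADMIN_HOSTS"
fi
```

Run with `--demo` to print the ruleset for review before loading it with `boks_apply`; hosts outside the allowlist then appear in the kernel log with the `boks-6507-denied:` prefix.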