CVE-2026-1063: Command Injection in bastillion-io Bastillion
A vulnerability has been found in bastillion-io Bastillion up to 4.0.1. This vulnerability affects unknown code of the file src/main/java/io/bastillion/manage/control/AuthKeysKtrl.java of the component Public Key Management System. Such manipulation leads to command injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
AI Analysis
Technical Summary
CVE-2026-1063 is a command injection vulnerability in bastillion-io Bastillion, an open-source SSH key management and bastion host solution, affecting versions up to and including 4.0.1 (the analysis lists 4.0.0 and 4.0.1). The flaw lies in the Public Key Management System, in the source file src/main/java/io/bastillion/manage/control/AuthKeysKtrl.java; the exact code path has not been published. Input reaching that component is not handled safely, so an attacker who already holds a high-privileged Bastillion account (PR:H) can make the bastion host execute arbitrary operating-system commands over the network (AV:N) with no user interaction (UI:N). Those commands run with the privileges of the Bastillion service process, and the host that runs it typically holds or brokers the SSH keys and sessions for every managed system, so the practical blast radius is wider than the CVSS vector alone suggests. The CVSS 4.0 base score is 5.1 (medium), with low impact on confidentiality, integrity and availability; the high-privilege precondition is what keeps the score down. The vendor was contacted and has not responded, and no patch is available. A public exploit has been disclosed, but there are no confirmed reports of exploitation in the wild. Bastillion is typically deployed as a central SSH access-control point in environments with many systems and administrators, which is exactly where an unpatched remote command execution on the bastion matters most.
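The pattern the summary describes, shown as an added example that is not Bastillion's code (AuthKeysKtrl.java is Java, and the vulnerable path is not published on this page): a hypothetical key-management helper that splices a user-supplied public key into a shell command, beside a hardened version that parses the key strictly and, when it needs ssh-keygen, passes an argument vector with no shell in between. All function names, the authorized_keys path and the sample key are assumptions constructed for the example.

```python
import base64
import binascii
import re
import subprocess
import tempfile
from typing import List, Tuple

# Hypothetical helper names; this is not Bastillion's AuthKeysKtrl code and the
# real vulnerable path is not reproduced here. Only the pattern is illustrated.

KEY_TYPES = {
    "ssh-ed25519", "ssh-rsa",
    "ecdsa-sha2-nistp256", "ecdsa-sha2-nistp384", "ecdsa-sha2-nistp521",
}
# Comments are free text in OpenSSH, but no legitimate comment needs shell metacharacters.
COMMENT_RE = re.compile(r"[A-Za-z0-9._@+-]{0,128}")


def build_vulnerable_command(public_key: str) -> str:
    """The injectable pattern: untrusted text spliced into a string that is later
    handed to a shell (shell=True here, Runtime.exec("sh -c ...") in Java).
    A 'key' of 'ssh-ed25519 AAAA; id' terminates the echo and runs id."""
    return f"echo {public_key} >> /home/app/.ssh/authorized_keys"


def parse_public_key(key: str) -> Tuple[str, str, str]:
    """Strict parse of an OpenSSH public key line: '<type> <base64> [comment]'.
    Rejects authorized_keys options, extra fields, bad base64, a blob whose
    embedded type does not match the declared type, and odd comment characters."""
    parts = key.strip().split()
    if len(parts) not in (2, 3):
        raise ValueError(f"expected '<type> <base64> [comment]', got {len(parts)} fields")
    ktype, blob = parts[0], parts[1]
    comment = parts[2] if len(parts) == 3 else ""
    if ktype not in KEY_TYPES:
        raise ValueError(f"unsupported or malformed key type {ktype!r}")
    try:
        raw = base64.b64decode(blob, validate=True)
    except binascii.Error as exc:
        raise ValueError("key blob is not valid base64") from exc
    # RFC 4253 wire format: the blob starts with a length-prefixed copy of the
    # key type, so a genuine key must agree with the declared type.
    if len(raw) < 4:
        raise ValueError("key blob too short")
    n = int.from_bytes(raw[:4], "big")
    if raw[4:4 + n] != ktype.encode():
        raise ValueError("key blob does not match declared type")
    if not COMMENT_RE.fullmatch(comment):
        raise ValueError("comment contains disallowed characters")
    return ktype, blob, comment


def is_valid_public_key(key: str) -> bool:
    try:
        parse_public_key(key)
        return True
    except ValueError:
        return False


def safe_authorized_keys_line(key: str) -> str:
    """Rebuild the line from the validated fields, never from the raw input."""
    ktype, blob, comment = parse_public_key(key)
    return " ".join(p for p in (ktype, blob, comment) if p)


def fingerprint_argv(path: str) -> List[str]:
    """Argument vector for ssh-keygen. With no shell involved, the path is one
    argv element no matter what characters it contains."""
    return ["ssh-keygen", "-l", "-f", path]


def fingerprint(key: str) -> str:
    """Validate, write the key to a temp file, and fingerprint it without a shell."""
    line = safe_authorized_keys_line(key)
    with tempfile.NamedTemporaryFile("w", suffix=".pub") as tmp:
        tmp.write(line + "\n")
        tmp.flush()
        result = subprocess.run(fingerprint_argv(tmp.name), capture_output=True, text=True, check=True)
    return result.stdout.strip()


def make_ed25519_key(pub: bytes, comment: str = "") -> str:
    """Constructed sample key: a placeholder 32-byte public key, not a real identity."""
    blob = (len(b"ssh-ed25519").to_bytes(4, "big") + b"ssh-ed25519"
            + len(pub).to_bytes(4, "big") + pub)
    return f"ssh-ed25519 {base64.b64encode(blob).decode()} {comment}".strip()


if __name__ == "__main__":
    good = make_ed25519_key(b"\x01" * 32, "alice@example.org")
    injected = "ssh-ed25519 AAAA; id"
    print("vulnerable:", build_vulnerable_command(injected))
    print("validated :", safe_authorized_keys_line(good))
    print("rejected  :", not is_valid_public_key(injected))
```

Two things carry the fix: the line written to authorized_keys is rebuilt from validated fields rather than echoed from the raw input, and the one external tool is invoked with an argument list, so a path or comment containing ; or $( ) stays inert data. The Java equivalent is ProcessBuilder with a String[] of arguments instead of Runtime.exec on a concatenated "sh -c" string.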
Potential Impact
For European organizations that use Bastillion to broker SSH access to critical infrastructure, the impact can be significant. An attacker who already holds a high-privileged Bastillion account could execute arbitrary commands on the bastion host and, from there, reach the systems whose keys and sessions it manages: unauthorized access, data exfiltration and service disruption all follow, and because the bastion sits on a segmentation boundary, lateral movement from it undermines the segmentation itself. Finance, energy, telecommunications and government organizations, which commonly depend on bastion hosts for privileged access, face both operational risk and regulatory scrutiny if a breach results. With no vendor patch and a public exploit available, mitigation cannot wait for a fix. The high-privilege precondition means an attacker must first obtain an administrator account, through credential theft, a malicious insider or an earlier compromise, which narrows the attack surface without removing the threat; the medium severity rating reflects that balance.
Mitigation Recommendations
1. Restrict access to the Bastillion web interface to trusted administrators and management networks using network segmentation, firewall rules and, where practical, a VPN or allow-list.
2. Enforce multi-factor authentication and least privilege on Bastillion accounts. The bug requires a high-privileged account, so the number of such accounts and who holds them is the attack surface.
3. Monitor the bastion host for the Bastillion service account spawning a shell or other unexpected child processes (auditd execve rules, EDR process-tree telemetry), and review Bastillion's own logs for unusual public-key management activity.
4. If you build Bastillion from source or run a fork, fix the Public Key Management component (AuthKeysKtrl.java) so that user-supplied key material is never passed to a shell: validate the key format strictly, rebuild any output from the validated fields, and invoke external tools with an argument array rather than a concatenated command string.
5. Run Bastillion under a dedicated low-privileged account in an isolated VM or container so that a compromise of the process does not yield the whole host.
6. Maintain up-to-date backups of Bastillion configuration and keys to enable rapid recovery.
7. Track the project's issue tracker and the Bastillion community for an official fix or vetted workaround, and review any unofficial patch before applying it.
8. Conduct regular security assessments and penetration tests focused on bastion host configuration and SSH key management practices.
9. Educate administrators on the risks of privilege misuse and the importance of secure key management.
10. Prepare incident response plans that specifically address compromise of the bastion host, including rotation of every key it manages.
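Mitigation 3 in practice, as an added example that is not part of this page or of the Bastillion project: a small detector run over constructed auditd execve records, flagging any event in which the Bastillion service account (assumed here to be uid 995) launches a shell with -c. The record layout follows auditd's SYSCALL/EXECVE format, including its hex encoding of arguments that contain spaces, but the log lines, pids and command strings are constructed for the example, not taken from a real incident.

```python
import os
import re
from collections import defaultdict
from typing import Dict, List, Optional

# Assumptions: Bastillion runs as a dedicated service account (uid 995 here) and
# auditd records execve calls (e.g. "-a always,exit -F arch=b64 -S execve -k exec").
SERVICE_UID = "995"
SHELLS = {"sh", "bash", "dash", "zsh", "ksh"}

HEADER_RE = re.compile(r"^type=(\w+) msg=audit\(([\d.]+):(\d+)\): (.*)$")
FIELD_RE = re.compile(r'(\w+)=("(?:[^"\\]|\\.)*"|\S+)')


def _hex(s: str) -> str:
    """auditd hex-encodes argument strings that contain spaces or quotes."""
    return s.encode().hex().upper()


def decode_field(value: str) -> str:
    """Quoted values are plain strings; unquoted even-length hex is an encoded string."""
    if len(value) >= 2 and value[0] == '"' and value[-1] == '"':
        return value[1:-1]
    if re.fullmatch(r"[0-9A-Fa-f]+", value) and len(value) % 2 == 0:
        return bytes.fromhex(value).decode("utf-8", "replace")
    return value


def parse_audit_line(line: str) -> Optional[Dict]:
    m = HEADER_RE.match(line.strip())
    if not m:
        return None
    rtype, ts, eid, body = m.groups()
    return {"type": rtype, "ts": ts, "id": eid, "fields": dict(FIELD_RE.findall(body))}


def group_events(lines: List[str]) -> Dict[str, Dict[str, Dict[str, str]]]:
    """The SYSCALL and EXECVE records of one execve share an event id; join on it."""
    events: Dict[str, Dict[str, Dict[str, str]]] = defaultdict(dict)
    for line in lines:
        rec = parse_audit_line(line)
        if rec:
            events[rec["id"]][rec["type"]] = rec["fields"]
    return events


def argv_from_execve(fields: Dict[str, str]) -> List[str]:
    argc = int(fields.get("argc", "0"))
    return [decode_field(fields.get(f"a{i}", '""')) for i in range(argc)]


def detect_shell_spawns(lines: List[str], service_uid: str = SERVICE_UID) -> List[Dict[str, str]]:
    """Flag execve events where the service account ran a shell with -c.
    A key manager has no business doing that; a direct ssh-keygen call is fine."""
    alerts = []
    for eid, recs in group_events(lines).items():
        syscall, execve = recs.get("SYSCALL"), recs.get("EXECVE")
        if not syscall or not execve or syscall.get("uid") != service_uid:
            continue
        argv = argv_from_execve(execve)
        if argv and os.path.basename(argv[0]) in SHELLS and "-c" in argv[1:]:
            alerts.append({"id": eid, "pid": syscall.get("pid", "?"),
                           "ppid": syscall.get("ppid", "?"), "cmd": " ".join(argv)})
    return alerts


# Constructed sample records (not from a real incident). Event 4567 is the
# injection: the Java process (pid 1201) spawned sh -c with a key string in it.
INJECTED = 'echo "ssh-ed25519 AAAA"; id >> /home/bastillion/.ssh/authorized_keys'
SAMPLE_LOG = [
    'type=SYSCALL msg=audit(1737054000.101:4567): arch=c000003e syscall=59 success=yes exit=0 '
    'ppid=1201 pid=1340 auid=4294967295 uid=995 gid=995 euid=995 comm="sh" exe="/usr/bin/dash" key="exec"',
    'type=EXECVE msg=audit(1737054000.101:4567): argc=3 a0="/bin/sh" a1="-c" a2=' + _hex(INJECTED),
    # Benign: the same account fingerprints a key with no shell in between.
    'type=SYSCALL msg=audit(1737054000.205:4568): arch=c000003e syscall=59 success=yes exit=0 '
    'ppid=1201 pid=1341 auid=4294967295 uid=995 gid=995 euid=995 comm="ssh-keygen" exe="/usr/bin/ssh-keygen" key="exec"',
    'type=EXECVE msg=audit(1737054000.205:4568): argc=4 a0="ssh-keygen" a1="-l" a2="-f" a3="/tmp/key.pub"',
    # Benign: root's cron uses a shell, but that is a different uid.
    'type=SYSCALL msg=audit(1737054000.310:4569): arch=c000003e syscall=59 success=yes exit=0 '
    'ppid=1 pid=1350 auid=4294967295 uid=0 gid=0 euid=0 comm="sh" exe="/usr/bin/dash" key="exec"',
    'type=EXECVE msg=audit(1737054000.310:4569): argc=3 a0="/bin/sh" a1="-c" a2=' + _hex("run-parts /etc/cron.hourly"),
]

if __name__ == "__main__":
    for alert in detect_shell_spawns(SAMPLE_LOG):
        print(f"ALERT event {alert['id']} pid={alert['pid']} ppid={alert['ppid']}: {alert['cmd']}")
```

Joining the SYSCALL and EXECVE records on the audit event id is what makes the rule specific: the SYSCALL record carries uid and ppid, the EXECVE record carries the decoded argv, and only their combination separates the injected sh -c from a legitimate ssh-keygen child of the same Java process. The same logic ports directly to an auditd dispatcher plugin, an EDR process query or a SIEM rule.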
Affected Countries
Germany, France, United Kingdom, Netherlands, Sweden, Finland, Belgium, Italy
Technical Details
- Data Version: 5.2
- Assigner Short Name: VulDB
- Date Reserved: 2026-01-16T19:14:38.317Z
- CVSS Version: 4.0
- State: PUBLISHED
Threat ID: 696bed01d302b072d925799f
Added to database: 1/17/2026, 8:11:45 PM
Last enriched: 1/25/2026, 7:45:14 PM
Last updated: 2/7/2026, 11:40:46 AM
Related Threats
- CVE-2026-2083: SQL Injection in code-projects Social Networking Site (Medium)
- CVE-2026-2082: OS Command Injection in D-Link DIR-823X (Medium)
- CVE-2026-2080: Command Injection in UTT HiPER 810 (High)
- CVE-2026-2079: Improper Authorization in yeqifu warehouse (Medium)
- CVE-2026-1675: CWE-1188 Initialization of a Resource with an Insecure Default in brstefanovic Advanced Country Blocker (Medium)