CVE-2026-9862

Severity CVSS v4.0:
Pending analysis
Type:
CWE-78 OS Command Injections
Publication date:
15/06/2026
Last modified:
09/07/2026

Description

Fortra&amp;#39;s <br /> Core Privileged Access Manager (BoKS) contains an OS command injection vulnerability in the boks_autoregisterd service. A remote attacker with network access to the service may be able to cause commands to be executed with the privileges of the service during the autoregistration processing.

Vulnerable products and versions

CPE From Up to
cpe:2.3:a:forta:core_privileged_access_manager:*:*:*:*:*:*:*:* 8.1.0.0 (including) 8.1.0.22 (including)
cpe:2.3:a:forta:core_privileged_access_manager:*:*:*:*:*:*:*:* 9.0.0.0 (including) 9.0.0.4 (including)