CVE-2026-9863

Severity CVSS v4.0:
Pending analysis
Type:
CWE-78 OS Command Injections
Publication date:
15/06/2026
Last modified:
09/07/2026

Description

Fortra BoKS Manager contains an OS command injection vulnerability in the client upgrade and patch tooling for legacy tar-based client installations. A malicious or compromised legacy tar-installed client selected for upgrade or patching may be able to cause commands to be executed on the BoKS Master during client version handling.

Vulnerable products and versions

CPE From Up to
cpe:2.3:a:forta:core_privileged_access_manager:*:*:*:*:*:*:*:* 8.1.0.0 (including) 8.1.0.22 (including)
cpe:2.3:a:forta:core_privileged_access_manager:*:*:*:*:*:*:*:* 9.0.0.0 (including) 9.0.0.4 (including)