CVE-2026-9862 | THREATINT

Description

Fortra's Core Privileged Access Manager (BoKS) contains an OS command injection vulnerability in the boks_autoregisterd service. A remote attacker with network access to the service may be able to cause commands to be executed with the privileges of the service during the autoregistration processing.

PUBLISHED Reserved 2026-05-28 | Published 2026-06-15 | Updated 2026-06-15 | Assigner Fortra

CRITICAL: 9.8CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Problem types

CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

Product status

Default status

unaffected

boks-server 8.1.0.0 (custom)

affected

boks-server 9.0.0.0 (custom)

affected

Credits

Fortra internal security assessment finder

References

www.fortra.com/...ty/advisories/product-security/fi-2026-007 vendor-advisory

cve.org (CVE-2026-9862)

nvd.nist.gov (CVE-2026-9862)

Download JSON