CVE Catalog

CVE-2026-9862

CriticalCVSS 9.8
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Elevated risk
0.85%

53th percentile — higher than 53% of all known CVEs

Summary

Fortra's Core Privileged Access Manager (BoKS) contains an OS command injection vulnerability in the boks_autoregisterd service. A remote attacker with network access to the service may be able to cause commands to be executed with the privileges of the service during the autoregistration processing.

Risk Assessment

This vulnerability could lead to unauthorized command execution, posing a serious threat to the security of the system and the organization's data.

Recommendation

It is recommended to update the software to the latest version to eliminate this vulnerability and restrict access to the boks_autoregisterd service to trusted sources.

Original NVD description (English source)

Fortra's  Core Privileged Access Manager (BoKS) contains an OS command injection vulnerability in the boks_autoregisterd service. A remote attacker with network access to the service may be able to cause commands to be executed with the privileges of the service during the autoregistration processing.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS