CVE-2026-9862
CriticalCVSS 9.8Exploitation Probability (EPSS)
Elevated risk53th percentile — higher than 53% of all known CVEs
Summary
Fortra's Core Privileged Access Manager (BoKS) contains an OS command injection vulnerability in the boks_autoregisterd service. A remote attacker with network access to the service may be able to cause commands to be executed with the privileges of the service during the autoregistration processing.
Risk Assessment
This vulnerability could lead to unauthorized command execution, posing a serious threat to the security of the system and the organization's data.
Recommendation
It is recommended to update the software to the latest version to eliminate this vulnerability and restrict access to the boks_autoregisterd service to trusted sources.
Original NVD description (English source)
Fortra's Core Privileged Access Manager (BoKS) contains an OS command injection vulnerability in the boks_autoregisterd service. A remote attacker with network access to the service may be able to cause commands to be executed with the privileges of the service during the autoregistration processing.

