cbcvebase.
CVE-2026-9862
published 2026-06-15


Priority: P2, 70 | Severity: critical | CVSS 3.1: 9.8
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS: 0.86% (54.1th percentile)

Fortra's Core Privileged Access Manager (BoKS) contains an OS command injection vulnerability in the boks_autoregisterd service. A remote attacker with network access to the service may be able to cause commands to be executed with the privileges of the service during the autoregistration processing.

Affected

2 ranges

Vendor | Product | Version range | Fixed in
fortra | core_privileged_access_manager | boks-server 8.1.0.0 – boks-server 8.1.0.22 |
fortra | core_privileged_access_manager | boks-server 9.0.0.0 – boks-server 9.0.0.4 |