cbcvebase.
CVE-2026-9863
published 2026-06-15

CVE-2026-9863: Fortra BoKS Manager contains an OS command injection vulnerability in the client upgrade and patch tooling for legacy tar-based client installations. A…

PriorityP352high7.5CVSS 3.1
AVNACHPRNUIRSUCHIHAH
EPSS
0.58%
43.3th percentile
Fortra BoKS Manager contains an OS command injection vulnerability in the client upgrade and patch tooling for legacy tar-based client installations. A malicious or compromised legacy tar-installed client selected for upgrade or patching may be able to cause commands to be executed on the BoKS Master during client version handling.

Affected

2 ranges
VendorProductVersion rangeFixed in
fortracore_privileged_access_managerboks-server 8.1.0.0 – boks-server 8.1.0.22
fortracore_privileged_access_managerboks-server 9.0.0.0 – boks-server 9.0.0.4
Stop checking back — get the weekly exploitation signal.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.