CVE-2026-9862 – Core Privileged Access Manager (BoKS)
CVSS 9.8
CRITICAL
Critical or Zero Day – Immediate Deployment
“A privileged service with command injection risk can turn network access into system control.”
This patch addresses CVE-2026-9862 in Fortra Core Privileged Access Manager (BoKS). The vulnerability affects the boks_autoregisterd service and allows OS command injection during autoregistration processing. A remote attacker with network access to the service may execute commands using the privileges of the vulnerable service.
CVE-2026-9862 has a CVSS score of 9.8, which is Critical severity. The issue is classified as CWE-78, OS Command Injection. Remote Code Execution is possible, but no verified exploitation has been reported.
Key Details
- Affected Product
- Forta Core Privileged Access Manager
- Attack Vector
- Network
- Attack Complexity
- Low
- Privileges Required
- None
- User Interaction
- None
- CWE Classification
- CWE-78
Patch this CVE on all your endpoints in under 5 minutes.
First 200 endpoints are free forever, scale as needed.