CVE-2026-9862 – Core Privileged Access Manager (BoKS)

CVSS 9.8 CRITICAL Critical or Zero Day – Immediate Deployment

“A privileged service with command injection risk can turn network access into system control.”

This patch addresses CVE-2026-9862 in Fortra Core Privileged Access Manager (BoKS). The vulnerability affects the boks_autoregisterd service and allows OS command injection during autoregistration processing. A remote attacker with network access to the service may execute commands using the privileges of the vulnerable service.

CVE-2026-9862 has a CVSS score of 9.8, which is Critical severity. The issue is classified as CWE-78, OS Command Injection. Remote Code Execution is possible, but no verified exploitation has been reported.

Key Details

Affected Product
Forta Core Privileged Access Manager
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
CWE Classification
CWE-78
Patch this CVE on all your endpoints in under 5 minutes. First 200 endpoints are free forever, scale as needed.