cvedb.io
CVE-2026-9862
CRITICAL · CVSS 9.8
EPSS exploitation probability: 0%
Published 2026-06-15T16:16:35.357 · Last modified 2026-06-17T11:05:41.293

Summary

Fortra's  Core Privileged Access Manager (BoKS) contains an OS command injection vulnerability in the boks_autoregisterd service. A remote attacker with network access to the service may be able to cause commands to be executed with the privileges of the service during the autoregistration processing.

Does this affect you?

Add your gear to cvedb and we'll alert you only when a vendor you run ships something exploited.

Check my exposure →

References

This product uses data from the NVD API but is not endorsed or certified by the NVD. Informational only; not professional security advice.