CVE-2026-9862

CRITICAL NVD

CVSS Score 9.8

Severity CRITICAL

Published Jun 15, 2026

Vendor unknown

Description

Fortra's Core Privileged Access Manager (BoKS) contains an OS command injection vulnerability in the boks_autoregisterd service. A remote attacker with network access to the service may be able to cause commands to be executed with the privileges of the service during the autoregistration processing.

References

https://www.fortra.com/security/advisories/product-security/fi-2026-007