Vulnerability Details CVE-2026-9862
Fortra's
Core Privileged Access Manager (BoKS) contains an OS command injection vulnerability in the boks_autoregisterd service. A remote attacker with network access to the service may be able to cause commands to be executed with the privileges of the service during the autoregistration processing.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.009
EPSS Ranking 54.4%
CVSS Severity
CVSS v3 Score 9.8
Products affected by CVE-2026-9862
-
cpe:2.3:a:forta:core_privileged_access_manager:*