Core Privileged Access Manager (BoKS) autoregistration service command injection vulnerability

9.8 / 10

CRITICAL

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Description

Fortra's Core Privileged Access Manager (BoKS) contains an OS command injection vulnerability in the boks_autoregisterd service. A remote attacker with network access to the service may be able to cause commands to be executed with the privileges of the service during the autoregistration processing.

AI Analysis

OS command injection vulnerability in the boks_autoregisterd service of Core Privileged Access Manager (BoKS)

Basic Information

ID CVE-2026-9862

Source Fortra

Published Jun 15, 2026 at 15:10

Modified Jun 15, 2026 at 15:18

Affected Product

Vendor Fortra

Product Core Privileged Access Manager (BoKS)

Version boks-server 8.1.0.0

Affected Versions Fortra Core Privileged Access Manager (BoKS) boks-server 8.1.0.0
Fortra Core Privileged Access Manager (BoKS) boks-server 9.0.0.0

CWE Classification

CWE-78

AI Assessment

AI Score 9.8 / 10

AI Severity Critical

Vendor Fortra

Product Core Privileged Access Manager (BoKS)

Version boks-server 8.1.0.0, boks-server 9.0.0.0

References

www.fortra.com /security/advisories/product-security/fi-2026-007

{
    "lastseen": "",
    "description": "Fortra's Core Privileged Access Manager (BoKS) contains an OS command injection vulnerability in the boks_autoregisterd service. A remote attacker with network access to the service may be able to cause commands to be executed with the privileges of the service during the autoregistration processing.",
    "published": "2026-06-15T15:10:08.708Z",
    "modified": "2026-06-15T15:18:11.644Z",
    "type": "cve",
    "title": "Core Privileged Access Manager (BoKS) autoregistration service command injection vulnerability",
    "source": "Fortra",
    "references": "https://www.fortra.com/security/advisories/product-security/fi-2026-007",
    "id": "CVE-2026-9862",
    "bulletinFamily": "",
    "cwe": [
        "CWE-78"
    ],
    "cvelist": null,
    "sourceData": "Fortra Core Privileged Access Manager (BoKS) boks-server 8.1.0.0\nFortra Core Privileged Access Manager (BoKS) boks-server 9.0.0.0",
    "sourceHref": "",
    "cvss": {
        "score": 9.8,
        "severity": "CRITICAL",
        "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
        "version": "3.1"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "Core Privileged Access Manager (BoKS)",
    "version": "boks-server 8.1.0.0",
    "vendor": "Fortra",
    "ai_description": "OS command injection vulnerability in the boks_autoregisterd service of Core Privileged Access Manager (BoKS)",
    "ai_severity": "Critical",
    "ai_vendor": "Fortra",
    "ai_product": "Core Privileged Access Manager (BoKS)",
    "ai_version": "boks-server 8.1.0.0, boks-server 9.0.0.0",
    "ai_score": 9.8
}

Core Privileged Access Manager (BoKS) autoregistration service command injection vulnerability_CVE-2026-9862