Vulnerability intelligence

CVE-2026-9862

Fortra's Core Privileged Access Manager (BoKS) contains an OS command injection vulnerability in the boks_autoregisterd service. A remote attacker with network access to the service may be able to cause commands to be executed with the privileges of the service during the autoregistration processing.

CVSS Score

9.8

Critical

EPSS — Exploit Probability

0.8%

Riskier than 53% of all CVEs

Exploitation

Not in CISA KEV

No federal exploitation record

Remediation

unknown

Check vendor advisories

NVD entry PoC / advisory

1 article across 1 outlet · first covered Jun 17, 2026 · latest Jun 17, 2026

Coverage timeline

Attackers hijack Fortra BoKS servers via CVE-2026-9862 flaw
securityonline.info · Jun 17, 2026