CVE-2026-9862 (GCVE-0-2026-9862)
Vulnerability from cvelistv5 – Published: 2026-06-15 15:10 – Updated: 2026-06-15 16:09
Title
Core Privileged Access Manager (BoKS) autoregistration service command injection vulnerability
Summary
Fortra's Core Privileged Access Manager (BoKS) contains an OS command injection vulnerability in the boks_autoregisterd service. A remote attacker with network access to the service may be able to cause commands to be executed with the privileges of the service during autoregistration processing.
Severity
9.8 (Critical)
SSVC
Exploitation: none
Automatable: yes
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
Assigner
Fortra
References
1 reference
| URL | Tags |
|---|---|
| https://www.fortra.com/security/advisories/produc… | vendor-advisory |
Impacted products
1 product
| Vendor | Product | Affected versions |
|---|---|---|
| Fortra | Core Privileged Access Manager (BoKS) | boks-server 8.1.0.0 through 8.1.0.22 (custom); boks-server 9.0.0.0 through 9.0.0.4 (custom) |
Credits
Fortra internal security assessment (finder)
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-9862",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-06-15T16:09:18.347930Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-06-15T16:09:28.297Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"modules": [
"boks_autoregisterd"
],
"product": "Core Privileged Access Manager (BoKS)",
"vendor": "Fortra",
"versions": [
{
"lessThanOrEqual": "boks-server 8.1.0.22",
"status": "affected",
"version": "boks-server 8.1.0.0",
"versionType": "custom"
},
{
"lessThanOrEqual": "boks-server 9.0.0.4",
"status": "affected",
"version": "boks-server 9.0.0.0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Fortra internal security assessment"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eFortra\u0027s\u0026nbsp;\nCore Privileged Access Manager (BoKS)\u0026nbsp;contains an OS command injection vulnerability in the boks_autoregisterd service. A remote attacker with network access to the service may be able to cause commands to be executed with the privileges of the service during the autoregistration processing.\u003c/p\u003e"
}
],
"value": "Fortra\u0027s\u00a0\nCore Privileged Access Manager (BoKS)\u00a0contains an OS command injection vulnerability in the boks_autoregisterd service. A remote attacker with network access to the service may be able to cause commands to be executed with the privileges of the service during the autoregistration processing."
}
],
"impacts": [
{
"capecId": "CAPEC-248",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-248 Command Injection"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-78",
"description": "CWE-78: Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-06-15T15:18:11.644Z",
"orgId": "df4dee71-de3a-4139-9588-11b62fe6c0ff",
"shortName": "Fortra"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://www.fortra.com/security/advisories/product-security/fi-2026-007"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eUpgrade to boks-server 8.1.0.23 or 9.0.0.5.\u003c/p\u003e"
}
],
"value": "Upgrade to boks-server 8.1.0.23 or 9.0.0.5."
}
],
"source": {
"discovery": "INTERNAL"
},
"title": "Core Privileged Access Manager (BoKS) autoregistration service command injection vulnerability",
"workarounds": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eRestrict network access to boks_autoregisterd, which listens on port 6507 by default, until fixed builds are deployed.\u0026nbsp;\u003c/p\u003e\u003cp\u003eAnother workaround for both boks-server 8.1 and 9.0 is to disable the service in the boksinit configuration. On the BoKS Master, edit\u003c/p\u003e\u003cp\u003e\u003cspan\u003e$BOKS_var/internal/boksinit/master\u0026nbsp;\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan\u003eand comment out the line\u0026nbsp;\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan\u003e`autoregisterd:300:1:0:respawn::$BOKS_lib/boks_autoregisterd -xn`\u0026nbsp;\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan\u003eby prefixing it with\u0026nbsp;\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan\u003e`#`;\u0026nbsp;\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan\u003ethen make boks_init reread the file, for example by running\u0026nbsp;\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan\u003e`kill -HUP $(cat $BOKS_var/run/boks_init)`,\u0026nbsp;\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan\u003eor restart BoKS. This stops boks_autoregisterd and prevents it from being respawned; autoregistration is unavailable until the row is restored.\u003c/span\u003e\u003c/p\u003e"
}
],
"value": "Restrict network access to boks_autoregisterd, which listens on port 6507 by default, until fixed builds are deployed.\u00a0\n\n\n\nAnother workaround for both boks-server 8.1 and 9.0 is to disable the service in the boksinit configuration. On the BoKS Master, edit\n\n\n\n$BOKS_var/internal/boksinit/master\u00a0\n\n\n\nand comment out the line\u00a0\n\n\n\n`autoregisterd:300:1:0:respawn::$BOKS_lib/boks_autoregisterd -xn`\u00a0\n\n\n\nby prefixing it with\u00a0\n\n\n\n`#`;\u00a0\n\n\n\nthen make boks_init reread the file, for example by running\u00a0\n\n\n\n`kill -HUP $(cat $BOKS_var/run/boks_init)`,\u00a0\n\n\n\nor restart BoKS. This stops boks_autoregisterd and prevents it from being respawned; autoregistration is unavailable until the row is restored."
}
],
"x_generator": {
"engine": "Vulnogram 1.0.2"
}
}
},
"cveMetadata": {
"assignerOrgId": "df4dee71-de3a-4139-9588-11b62fe6c0ff",
"assignerShortName": "Fortra",
"cveId": "CVE-2026-9862",
"datePublished": "2026-06-15T15:10:08.708Z",
"dateReserved": "2026-05-28T16:37:50.792Z",
"dateUpdated": "2026-06-15T16:09:28.297Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2",
"vulnerability-lookup:meta": {
"epss": {
"cve": "CVE-2026-9862",
"date": "2026-06-16",
"epss": "0.00845",
"percentile": "0.53066"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2026-9862\",\"sourceIdentifier\":\"df4dee71-de3a-4139-9588-11b62fe6c0ff\",\"published\":\"2026-06-15T16:16:35.357\",\"lastModified\":\"2026-06-15T21:01:58.873\",\"vulnStatus\":\"Awaiting Analysis\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Fortra\u0027s\u00a0\\nCore Privileged Access Manager (BoKS)\u00a0contains an OS command injection vulnerability in the boks_autoregisterd service. A remote attacker with network access to the service may be able to cause commands to be executed with the privileges of the service during the autoregistration processing.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"df4dee71-de3a-4139-9588-11b62fe6c0ff\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":9.8,\"baseSeverity\":\"CRITICAL\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":5.9}]},\"weaknesses\":[{\"source\":\"df4dee71-de3a-4139-9588-11b62fe6c0ff\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-78\"}]}],\"references\":[{\"url\":\"https://www.fortra.com/security/advisories/product-security/fi-2026-007\",\"source\":\"df4dee71-de3a-4139-9588-11b62fe6c0ff\"}]}}",
"vulnrichment": {
"containers": "{\"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2026-9862\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"yes\"}, {\"Technical Impact\": \"total\"}], \"version\": \"2.0.3\", \"timestamp\": \"2026-06-15T16:09:18.347930Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2026-06-15T16:09:23.776Z\"}}], \"cna\": {\"title\": \"Core Privileged Access Manager (BoKS) autoregistration service command injection vulnerability\", \"source\": {\"discovery\": \"INTERNAL\"}, \"credits\": [{\"lang\": \"en\", \"type\": \"finder\", \"value\": \"Fortra internal security assessment\"}], \"impacts\": [{\"capecId\": \"CAPEC-248\", \"descriptions\": [{\"lang\": \"en\", \"value\": \"CAPEC-248 Command Injection\"}]}], \"metrics\": [{\"format\": \"CVSS\", \"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 9.8, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"CRITICAL\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\", \"integrityImpact\": \"HIGH\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"HIGH\", \"privilegesRequired\": \"NONE\", \"confidentialityImpact\": \"HIGH\"}, \"scenarios\": [{\"lang\": \"en\", \"value\": \"GENERAL\"}]}], \"affected\": [{\"vendor\": \"Fortra\", \"modules\": [\"boks_autoregisterd\"], \"product\": \"Core Privileged Access Manager (BoKS)\", \"versions\": [{\"status\": \"affected\", \"version\": \"boks-server 8.1.0.0\", \"versionType\": \"custom\", \"lessThanOrEqual\": \"boks-server 8.1.0.22\"}, {\"status\": \"affected\", \"version\": \"boks-server 9.0.0.0\", \"versionType\": \"custom\", \"lessThanOrEqual\": \"boks-server 9.0.0.4\"}], \"defaultStatus\": \"unaffected\"}], \"solutions\": [{\"lang\": \"en\", \"value\": \"Upgrade to boks-server 8.1.0.23 or 9.0.0.5.\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"\u003cp\u003eUpgrade to boks-server 8.1.0.23 or 9.0.0.5.\u003c/p\u003e\", \"base64\": false}]}], \"references\": [{\"url\": \"https://www.fortra.com/security/advisories/product-security/fi-2026-007\", \"tags\": [\"vendor-advisory\"]}], \"workarounds\": [{\"lang\": \"en\", \"value\": \"Restrict network access to boks_autoregisterd, which listens on port 6507 by default, until fixed builds are deployed.\\u00a0\\n\\n\\n\\nAnother workaround for both boks-server 8.1 and 9.0 is to disable the service in the boksinit configuration. On the BoKS Master, edit\\n\\n\\n\\n$BOKS_var/internal/boksinit/master\\u00a0\\n\\n\\n\\nand comment out the line\\u00a0\\n\\n\\n\\n`autoregisterd:300:1:0:respawn::$BOKS_lib/boks_autoregisterd -xn`\\u00a0\\n\\n\\n\\nby prefixing it with\\u00a0\\n\\n\\n\\n`#`;\\u00a0\\n\\n\\n\\nthen make boks_init reread the file, for example by running\\u00a0\\n\\n\\n\\n`kill -HUP $(cat $BOKS_var/run/boks_init)`,\\u00a0\\n\\n\\n\\nor restart BoKS. This stops boks_autoregisterd and prevents it from being respawned; autoregistration is unavailable until the row is restored.\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"\u003cp\u003eRestrict network access to boks_autoregisterd, which listens on port 6507 by default, until fixed builds are deployed.\u0026nbsp;\u003c/p\u003e\u003cp\u003eAnother workaround for both boks-server 8.1 and 9.0 is to disable the service in the boksinit configuration. On the BoKS Master, edit\u003c/p\u003e\u003cp\u003e\u003cspan\u003e$BOKS_var/internal/boksinit/master\u0026nbsp;\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan\u003eand comment out the line\u0026nbsp;\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan\u003e`autoregisterd:300:1:0:respawn::$BOKS_lib/boks_autoregisterd -xn`\u0026nbsp;\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan\u003eby prefixing it with\u0026nbsp;\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan\u003e`#`;\u0026nbsp;\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan\u003ethen make boks_init reread the file, for example by running\u0026nbsp;\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan\u003e`kill -HUP $(cat $BOKS_var/run/boks_init)`,\u0026nbsp;\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan\u003eor restart BoKS. This stops boks_autoregisterd and prevents it from being respawned; autoregistration is unavailable until the row is restored.\u003c/span\u003e\u003c/p\u003e\", \"base64\": false}]}], \"x_generator\": {\"engine\": \"Vulnogram 1.0.2\"}, \"descriptions\": [{\"lang\": \"en\", \"value\": \"Fortra\u0027s\\u00a0\\nCore Privileged Access Manager (BoKS)\\u00a0contains an OS command injection vulnerability in the boks_autoregisterd service. A remote attacker with network access to the service may be able to cause commands to be executed with the privileges of the service during the autoregistration processing.\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"\u003cp\u003eFortra\u0027s\u0026nbsp;\\nCore Privileged Access Manager (BoKS)\u0026nbsp;contains an OS command injection vulnerability in the boks_autoregisterd service. A remote attacker with network access to the service may be able to cause commands to be executed with the privileges of the service during the autoregistration processing.\u003c/p\u003e\", \"base64\": false}]}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-78\", \"description\": \"CWE-78: Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)\"}]}], \"providerMetadata\": {\"orgId\": \"df4dee71-de3a-4139-9588-11b62fe6c0ff\", \"shortName\": \"Fortra\", \"dateUpdated\": \"2026-06-15T15:18:11.644Z\"}}}",
"cveMetadata": "{\"cveId\": \"CVE-2026-9862\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2026-06-15T16:09:28.297Z\", \"dateReserved\": \"2026-05-28T16:37:50.792Z\", \"assignerOrgId\": \"df4dee71-de3a-4139-9588-11b62fe6c0ff\", \"datePublished\": \"2026-06-15T15:10:08.708Z\", \"assignerShortName\": \"Fortra\"}",
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
}
}
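The record's `cna.affected` entries give two affected ranges (boks-server 8.1.0.0 through 8.1.0.22 and 9.0.0.0 through 9.0.0.4, fixed in 8.1.0.23 and 9.0.0.5), and its `cna.workarounds` entry describes a manual procedure on the BoKS Master: comment out the `autoregisterd` row in `$BOKS_var/internal/boksinit/master`, make `boks_init` reread the file with SIGHUP (or restart BoKS), and restrict access to TCP port 6507 until a fixed build is installed. The shell functions below are an added example, not Fortra's tooling and not part of the advisory; they put the version test and that workaround into a form that can be rehearsed on a copy of the boksinit file before a production master is touched. Assumptions that are not in the record: the installed release is known as a string of the form `boks-server 8.1.0.22` and its fields compare numerically; every boksinit row starts with the service name followed by a colon, as the quoted row does; iproute2 `ss` is available for the listener check; and the `boks_init` PID file is at the path the advisory names.

```shell
#!/bin/sh
# Added example for CVE-2026-9862 triage and workaround; not Fortra's code.
# Assumptions (not from the CVE record): version strings look like
# "boks-server 8.1.0.22"; boksinit rows begin with "<service>:" as in the
# row quoted in the advisory; iproute2 `ss` is present for the port check.

# vercmp A B: compare dotted numeric versions; prints -1, 0 or 1.
vercmp() {
    a="$1"; b="$2"
    while [ -n "$a" ] || [ -n "$b" ]; do
        fa="${a%%.*}"; fb="${b%%.*}"
        [ -n "$fa" ] || fa=0
        [ -n "$fb" ] || fb=0
        if [ "$fa" -lt "$fb" ]; then printf '%s\n' -1; return 0; fi
        if [ "$fa" -gt "$fb" ]; then printf '%s\n' 1; return 0; fi
        case "$a" in *.*) a="${a#*.}" ;; *) a="" ;; esac
        case "$b" in *.*) b="${b#*.}" ;; *) b="" ;; esac
    done
    printf '%s\n' 0
}

# in_range V LOW HIGH: succeeds when LOW <= V <= HIGH.
in_range() {
    [ "$(vercmp "$1" "$2")" -ge 0 ] && [ "$(vercmp "$1" "$3")" -le 0 ]
}

# boks_affected "boks-server X.Y.Z.W": prints "affected" or "not-affected".
# The two ranges are the CNA's affected entries: 8.1.0.0..8.1.0.22 and
# 9.0.0.0..9.0.0.4; the fixed builds 8.1.0.23 and 9.0.0.5 sit just outside.
boks_affected() {
    v="${1#boks-server }"
    if in_range "$v" 8.1.0.0 8.1.0.22 || in_range "$v" 9.0.0.0 9.0.0.4; then
        printf '%s\n' affected
    else
        printf '%s\n' not-affected
    fi
}

# disable_autoregisterd FILE: comment out every uncommented "autoregisterd:"
# row in a boksinit master file (idempotent), keeping a .bak copy and the
# file's own inode and permissions. Prints how many rows it commented out.
disable_autoregisterd() {
    f="$1"
    [ -f "$f" ] || { echo "no such file: $f" >&2; return 1; }
    n=$(grep -c '^autoregisterd:' "$f" || true)
    if [ "$n" -gt 0 ]; then
        cp -p "$f" "$f.bak"
        tmp="$f.tmp.$$"
        sed 's/^autoregisterd:/#&/' "$f" > "$tmp" && cat "$tmp" > "$f"
        rm -f "$tmp"
    fi
    printf '%s\n' "$n"
}

# reload_boks_init PIDFILE: send SIGHUP to boks_init so it rereads boksinit,
# the reload the advisory describes. Refuses (status 1) when the PID file is
# missing or the process is gone; restart BoKS instead in that case.
reload_boks_init() {
    pidfile="$1"
    [ -r "$pidfile" ] || { echo "no PID file at $pidfile; restart BoKS instead" >&2; return 1; }
    pid=$(cat "$pidfile")
    kill -0 "$pid" 2>/dev/null || { echo "boks_init PID $pid is not running" >&2; return 1; }
    kill -HUP "$pid"
}

# autoregisterd_listening: succeeds when something still listens on TCP 6507,
# the default boks_autoregisterd port. Run it before and after the workaround.
autoregisterd_listening() {
    command -v ss >/dev/null 2>&1 || { echo "ss not found" >&2; return 2; }
    ss -Hlnt 2>/dev/null | awk '$4 ~ /:6507$/ { found = 1 } END { exit !found }'
}

# Typical use on a BoKS Master ($BOKS_var is the BoKS environment variable):
#   boks_affected "boks-server 8.1.0.22"            # substitute the installed release
#   disable_autoregisterd "$BOKS_var/internal/boksinit/master"
#   reload_boks_init "$BOKS_var/run/boks_init" || echo "restart BoKS"
#   autoregisterd_listening && echo "port 6507 still open"
```

Source the file rather than executing it, then run the functions in the order shown; `disable_autoregisterd` leaves a `.bak` next to the file so the row can be restored once a fixed build is installed, and `reload_boks_init` does nothing unless it finds a live `boks_init`, so the functions are safe to try on a host without BoKS.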