CVE Catalog

CVE-2026-9863

HighCVSS 7.5
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.58%

44th percentile - higher than 44% of all known CVEs

Summary

Fortra BoKS Manager contains an OS command injection vulnerability in the client upgrade and patch tooling for legacy tar-based client installations. A malicious or compromised legacy tar-installed client selected for upgrade or patching may be able to cause commands to be executed on the BoKS Master during client version handling.

Risk Assessment

The risk is that an attacker controlling a client can execute arbitrary commands on the BoKS Master server, potentially leading to full compromise of the identity and access management system.

Recommendation

Apply the update provided by Fortra for BoKS Manager immediately and consider migrating legacy tar-based clients to newer, more secure installation methods.

Original NVD description (English source)

Fortra BoKS Manager contains an OS command injection vulnerability in the client upgrade and patch tooling for legacy tar-based client installations. A malicious or compromised legacy tar-installed client selected for upgrade or patching may be able to cause commands to be executed on the BoKS Master during client version handling.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS