CVE-2026-9863
HighCVSS 7.5Exploitation Probability (EPSS)
Low risk44th percentile - higher than 44% of all known CVEs
Summary
Fortra BoKS Manager contains an OS command injection vulnerability in the client upgrade and patch tooling for legacy tar-based client installations. A malicious or compromised legacy tar-installed client selected for upgrade or patching may be able to cause commands to be executed on the BoKS Master during client version handling.
Risk Assessment
The risk is that an attacker controlling a client can execute arbitrary commands on the BoKS Master server, potentially leading to full compromise of the identity and access management system.
Recommendation
Apply the update provided by Fortra for BoKS Manager immediately and consider migrating legacy tar-based clients to newer, more secure installation methods.
Original NVD description (English source)
Fortra BoKS Manager contains an OS command injection vulnerability in the client upgrade and patch tooling for legacy tar-based client installations. A malicious or compromised legacy tar-installed client selected for upgrade or patching may be able to cause commands to be executed on the BoKS Master during client version handling.

