Fortra Security Update – 16 June 2026

Fortra has released a security update to fix two vulnerabilities affecting Fortra’s Core Privileged Access Manager (BoKS).

The addressed vulnerabilities could allow the attacker to gain elevated privileges or compromise a legacy tar-installed client, which may be able to cause commands to be executed on the affected system.

The addressed vulnerabilities:

1. Core Privileged Access Manager Autoregistration Service Command Injection Vulnerability (CVE-2026-9862):

  • CVSS: 9.8
  • Attack Vector: Network
  • Attack Complexity: Low
  • Privileges Required: None
  • User Interaction: None
  • Consequences: Gain Privileges

2. Core Privileged Access Manager Upgrade Tooling Command Injection Vulnerability (CVE-2026-9863):

  • CVSS: 7.5
  • Attack Vector: Network
  • Attack Complexity: High
  • Privileges Required: None
  • User Interaction: Required
  • Consequences: Commands Execut
Vulnerabilities
  • CVE-2026-9862
  • CVE-2026-9863
Mitigations

The enterprise should deploy this patch as soon as the testing phase is completed.

Fortra Security Advisory

References