PatchSiren cyber security CVE debrief
CVE-2026-9863 Fortra CVE debrief
CVE-2026-9863 is a HIGH-severity vulnerability with a CVSS score of 7.5. The vulnerability exists in the client upgrade and patch tooling for legacy tar-based client installations in Fortra BoKS Manager. A malicious or compromised legacy tar-installed client selected for upgrade or patching may be able to cause commands to be executed on the BoKS Master during client version handling.
- Vendor
- Fortra
- Product
- Core Privileged Access Manager (BoKS)
- CVSS
- HIGH 7.5
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2026-06-15
- Original CVE updated
- 2026-06-15
- Advisory published
- 2026-06-15
- Advisory updated
- 2026-06-15
Who should care
Users of Fortra BoKS Manager, especially those with legacy tar-based client installations, should be aware of this vulnerability and take necessary actions to mitigate it.
Technical summary
The vulnerability is caused by an OS command injection issue in the client upgrade and patch tooling. This could allow an attacker to execute commands on the BoKS Master during client version handling if they have control over a legacy tar-installed client.
Defensive priority
HIGH
Recommended defensive actions
- Apply patches or updates provided by Fortra to address this vulnerability.
- Review and update client installations to ensure they are not using legacy tar-based installations.
- Monitor BoKS Manager and client systems for suspicious activity.
Evidence notes
The CVE record and NVD detail for CVE-2026-9863 were used to generate this debrief. Additional information can be found at [ref-4](https://www.fortra.com/security/advisories/product-security/fi-2026-008).
Official resources
-
CVE-2026-9863 CVE record
CVE.org
-
CVE-2026-9863 NVD detail
NVD
-
Source item URL
nvd_modified
-
Source reference
df4dee71-de3a-4139-9588-11b62fe6c0ff
CVE-2026-9863 was published on 2026-06-15T16:16:35.507Z and has not been modified since then.