PatchSiren

Fortra CVE debriefs

These pages are published after PatchSiren validates generated defensive summaries against stored public CVE and source evidence.

HIGH Fortra CVE published 2026-06-15

CVE-2026-9863

CVE-2026-9863 is a high-severity vulnerability (CVSS 7.5) in the client upgrade and patch tooling for legacy tar-based client installations in Fortra BoKS Manager. A malicious or compromised legacy tar-installed client selected for upgrade or patching may be able to cause commands to be executed on the BoKS Master during client version handling.

CRITICAL Fortra CVE published 2026-06-15

CVE-2026-9862

CVE-2026-9862 is a critical OS command injection vulnerability (CVSS 9.8) in Fortra's Core Privileged Access Manager (BoKS). It exists in the boks_autoregisterd service and allows a remote attacker with network access to execute commands with the privileges of the service during autoregistration processing.

Known exploited Fortra CVE published 2025-09-29

CVE-2025-10035

CVE-2025-10035 is a Fortra GoAnywhere MFT deserialization of untrusted data vulnerability that CISA added to the Known Exploited Vulnerabilities catalog on 2025-09-29. The KEV entry also marks it as having known ransomware campaign use, which raises the operational urgency for defenders. CISA’s required action is to apply vendor mitigations, follow applicable BOD 22-01 guidance for cloud services, or disc [truncated]

Known exploited Fortra CVE published 2023-03-30

CVE-2022-42948

CVE-2022-42948 affects Fortra Cobalt Strike and is described as a user interface remote code execution vulnerability. CISA added it to the Known Exploited Vulnerabilities catalog on 2023-03-30, which means it is treated as actively exploited and should be prioritized for remediation. The source guidance is to apply updates per vendor instructions.

Known exploited Fortra CVE published 2023-03-30

CVE-2022-39197

CVE-2022-39197 is a cross-site scripting (XSS) vulnerability in the Fortra Cobalt Strike Teamserver. CISA added it to the Known Exploited Vulnerabilities catalog, which means defenders should treat remediation as urgent rather than routine.

Known exploited Fortra CVE published 2023-02-10

CVE-2023-0669

CVE-2023-0669 is a Fortra GoAnywhere MFT remote code execution vulnerability that CISA added to its Known Exploited Vulnerabilities catalog on 2023-02-10. CISA’s KEV entry also marks it as associated with known ransomware campaign use and sets a remediation due date of 2023-03-03. Based on the supplied official metadata, this is a high-priority issue for organizations running GoAnywhere MFT, and remediati [truncated]