Summary
- Fortra disclosed CVE-2026-9862, a critical OS command injection flaw in Core Privileged Access Manager, also known as BoKS.
- The issue affects the boks_autoregisterd service and may allow remote command execution with the service’s privileges.
- PAM platforms sit at the centre of identity governance, making defects in them a control integrity and recovery issue.
Fortra has disclosed a critical vulnerability in Core Privileged Access Manager, also known as BoKS, placing attention on the systems used to control administrator access across enterprise infrastructure.
The company’s security advisory tracks the issue as CVE-2026-9862 and rates it critical. The flaw is an OS command injection vulnerability in the boks_autoregisterd service. A remote attacker with network access to that service may be able to cause commands to execute with the privileges of the service during autoregistration processing.
Fortra’s disclosure does not state that exploitation has been observed. Even so, the affected product category raises the level of concern. Privileged access management platforms are designed to reduce administrative risk, manage access paths, enforce control over elevated privileges, and provide evidence of privileged activity. A remote command execution issue inside a PAM component touches the integrity of the access-control layer itself.
PAM is often used to contain the complexity of enterprise identity estates. It helps manage administrator rights, service accounts, break-glass access, root access, operational support, and privileged sessions across servers and applications. That role gives PAM systems significant trust. They are not ordinary applications; they sit between administrators and critical infrastructure.
The vulnerability is centred on autoregistration, a process that can support onboarding or managing clients in PAM environments. Services involved in registration, upgrade, or enrolment deserve close attention because they often operate at the boundary between managed systems and central control. Weak command handling in that path can create administrative exposure.
Organisations using BoKS need to check affected versions, apply Fortra’s recommended fixes or mitigations, and restrict network access to the vulnerable service while remediation is under way. Access to PAM management components should be limited to controlled administrative networks, monitored, and protected with strong authentication.
The incident also reinforces the need to govern identity security tools directly. Privileged access platforms need asset ownership, vulnerability management, segmentation, logging, backup, recovery testing, and independent monitoring. Their administrative access should be reviewed regularly, and service exposure should be deliberately limited.
That control discipline becomes more important as organisations rely on PAM for regulatory evidence. Audit, cyber insurance, resilience testing, and incident response often depend on logs and controls generated by privileged access platforms. If the platform can be compromised or disrupted, the organisation may lose both control and confidence in the evidence needed to reconstruct events.
A critical flaw in a PAM system is more than a patching task. The systems that hold administrative trust have to be treated as critical enterprise infrastructure, alongside identity providers, domain controllers, and backup platforms.





