CVE-2026-12164 | Fortra File Integrity Monitoring (FIM), formerly Tripwire En… | CVSS 4.4 MEDIUM

Description

Fortra File Integrity Monitoring (FIM), formerly Tripwire Enterprise, versions prior to 9.4.0 may assign incorrect or elevated effective permissions to users created by the tetool import command while FIM is running, particularly when the import also creates or changes roles or role-permission relationships.

Metadata

CVE ID: CVE-2026-12164
State: PUBLISHED
Assigner: Fortra
Reserved: 2026-06-12 19:31 UTC
Published: 2026-06-23 22:15 UTC
Last updated: 2026-06-23 22:25 UTC
Primary CWE: CWE-266
CWE-266 Incorrect privilege assignment
Vendor / Product: Fortra / File Integrity Monitoring (FIM)
Sources: cve.org · NVD

Severity & Metrics

4.4 MEDIUM CVSS 3.1

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N

Affected products (1)

Vendor	Product	Platform	Versions
Fortra	File Integrity Monitoring (FIM)	—	0 < 9.4.0

Weakness (CWE)

CWE	Source	Description
CWE-266	cna	CWE-266 Incorrect privilege assignment

CVSS scores (1)

Score	Severity	Version	Source	Vector
4.4	MEDIUM	3.1	cna	CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N

References (1)

https://www.fortra.com/security/advisories/product-security/fi-2026-010