CVE-2026-12164
Analyzed Analyzed - Analysis Complete

Fortra FIM Incorrect Permissions via tetool Import

Vulnerability report for CVE-2026-12164, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.

Publication date: 2026-06-23

Last updated on: 2026-06-29

Assigner: Fortra

Description

Fortra File Integrity Monitoring (FIM), formerly Tripwire Enterprise, versions prior to 9.4.0 may assign incorrect or elevated effective permissions to users created by the tetool import command while FIM is running, particularly when the import also creates or changes roles or role-permission relationships.

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published
2026-06-23
Last Modified
2026-06-29
Generated
2026-07-14
AI Q&A
2026-06-24
EPSS Evaluated
2026-07-13
NVD
EUVD

Affected Vendors & Products

Showing 1 associated CPE
Vendor Product Version / Range
fortra file_integrity_monitoring to 9.4.0 (exc)

Helpful Resources

Exploitability

CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-266 A product incorrectly assigns a privilege to a particular actor, creating an unintended sphere of control for that actor.

Attack-Flow Graph

AI Quick Actions

Instant insights powered by AI
Executive Summary

This vulnerability affects Fortra File Integrity Monitoring (FIM), formerly known as Tripwire Enterprise, in versions prior to 9.4.0. It occurs when the tetool import command is used while FIM is running. Specifically, the issue may cause incorrect or elevated effective permissions to be assigned to users created by this import command, especially if the import also creates or modifies roles or role-permission relationships.

Impact Analysis

The vulnerability can lead to users having incorrect or elevated permissions, which means they might gain more access or control than intended. This can result in unauthorized actions or changes within the system, potentially compromising the integrity of monitored files or system security.

Chat Assistant

Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-12164. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70

EPSS Chart