Privilege Escalation in Fortra File Integrity Monitoring (FIM)

FI-2026-010 - Privilege Escalation in Fortra File Integrity Monitoring (FIM)

Severity

Medium

Published Date

23-Jun-2026

Updated Date

23-Jun-2026

Vulnerabilities

CVE-2026-12164

Notes

Description

Fortra File Integrity Monitoring (FIM), formerly Tripwire Enterprise, versions prior to 9.4.0 may assign incorrect or elevated effective permissions to users created by the tetool import command while FIM is running, particularly when the import also creates or changes roles or role-permission relationships.

Vulnerabilities

Privilege Escalation in Fortra File Integrity Monitoring (FIM)

Severity

Medium

CVE

CVE-2026-12164

CWE

CWE-266:Incorrect privilege assignment

Discovery Date

12-Jun-2026

CSSv3.1

4.4 (CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N)

Affected Products

Vulnerability Notes

Remediation: Vendor Fix

Upgrade to version 9.4.0 or later.

References

(https://www.cve.org/CVERecord?id=CVE-2026-12164)

Privilege Escalation in Fortra File Integrity Monitoring (FIM)

FI-2026-010 - Privilege Escalation in Fortra File Integrity Monitoring (FIM)

Notes

Vulnerabilities

Vulnerability Notes

References

Privacy Policy

Cookie Policy

Terms of Service

Accessibility

Fortra AI Use

Impressum