CVE Catalog

CVE-2026-12164

MediumCVSS 4.4
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.10%

1th percentile — higher than 1% of all known CVEs

Summary

A vulnerability in Fortra File Integrity Monitoring (formerly Tripwire Enterprise) prior to version 9.4.0 may assign incorrect or elevated effective permissions to users created by the tetool import command while FIM is running, especially when the import also creates or changes roles or role-permission relationships.

Risk Assessment

The risk involves potential unauthorized access to sensitive data or system functions, which could lead to file integrity monitoring compromise and privilege escalation.

Recommendation

It is recommended to immediately upgrade Fortra FIM to version 9.4.0 or later and verify permissions of all users created via tetool import.

Original NVD description (English source)

Fortra File Integrity Monitoring (FIM), formerly Tripwire Enterprise, versions prior to 9.4.0 may assign incorrect or elevated effective permissions to users created by the tetool import command while FIM is running, particularly when the import also creates or changes roles or role-permission relationships.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS