Permission Escalation Vulnerability in Fortra File Integrity Monitoring
CVE-2026-12164

4.9MEDIUM

Key Information:

Vendor: Fortra
Status: File Integrity Monitoring (fim)
Vendor: CVE Published:; 23 June 2026

What is CVE-2026-12164?

Fortra File Integrity Monitoring (FIM), previously known as Tripwire Enterprise, is affected by a vulnerability that may lead to incorrect or elevated effective permissions for users when created through the tetool import command while FIM is actively running. This is especially concerning when the import process involves the creation or modification of roles and their associated permissions, potentially compromising the security posture of the system.

Affected Version(s)

File Integrity Monitoring (FIM) 0 < 9.4.0

References

https://www.fortra.com/security/advisories/product-securi...

CVSS V3.1

Score:

4.9

Severity:

MEDIUM

Confidentiality:

None

Integrity:

High

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jun 23, 2026
Vulnerability Reserved
Jun 12, 2026

CVE-2026-12164 Data

JSON