CVE-2026-12164
MediumCVSS 4.4Exploitation Probability (EPSS)
Low risk1th percentile — higher than 1% of all known CVEs
Summary
A vulnerability in Fortra File Integrity Monitoring (formerly Tripwire Enterprise) prior to version 9.4.0 may assign incorrect or elevated effective permissions to users created by the tetool import command while FIM is running, especially when the import also creates or changes roles or role-permission relationships.
Risk Assessment
The risk involves potential unauthorized access to sensitive data or system functions, which could lead to file integrity monitoring compromise and privilege escalation.
Recommendation
It is recommended to immediately upgrade Fortra FIM to version 9.4.0 or later and verify permissions of all users created via tetool import.
Original NVD description (English source)
Fortra File Integrity Monitoring (FIM), formerly Tripwire Enterprise, versions prior to 9.4.0 may assign incorrect or elevated effective permissions to users created by the tetool import command while FIM is running, particularly when the import also creates or changes roles or role-permission relationships.

