PatchSiren cyber security CVE debrief
CVE-2026-12164 Fortra CVE debrief
CVE-2026-12164 is a medium-severity vulnerability in Fortra File Integrity Monitoring (FIM), formerly Tripwire Enterprise, in versions prior to 9.4.0. When the tetool import command is run while FIM is running, users created by the import may receive incorrect or elevated effective permissions; this is particularly likely when the same import also creates or changes roles or role-permission relationships. The vulnerability carries a CVSS 3.1 base score of 4.4 and is classified as CWE-266 (Improper Privilege Management). Fortra addresses it in advisory FI-2026-010.
- Vendor: Fortra
- Product: File Integrity Monitoring (FIM)
- CVSS: MEDIUM 4.4
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2026-06-23
- Original CVE updated: 2026-06-25
- Advisory published: 2026-06-23
- Advisory updated: 2026-06-25
Who should care
Organizations running Fortra File Integrity Monitoring (FIM) prior to 9.4.0, in particular the administrators who run tetool import or who manage users and roles, and the security teams that watch for privilege escalation in those environments. Because the defect is triggered by a routine administrative operation rather than by an external attacker, it matters even where no hostile operator is assumed: a legitimate import can leave newly created accounts with more rights than their assigned roles are meant to grant.
Technical summary
The vulnerability lies in the tetool import functionality of Fortra File Integrity Monitoring (FIM). When the import command is executed while FIM is running, users created by that import may be assigned incorrect or elevated effective permissions. The condition is particularly relevant when the same import also creates or modifies roles or role-permission relationships, so that the effective permissions computed for the new users do not match what their roles grant. The CVSS 3.1 vector is CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N: local attack vector, low attack complexity, high privileges required (running the import is an administrative operation), no user interaction, scope unchanged, and a high integrity impact with no confidentiality or availability impact. The 4.4 base score reflects that the operator must already hold high privileges; the integrity impact is that accounts end up with permissions their roles do not grant. The CWE classification is CWE-266, Improper Privilege Management.
Defensive priority
Given the medium severity and the privilege-escalation consequence, defenders should prioritize upgrading to version 9.4.0 or later. In the interim, restricting who can run tetool import and closely monitoring user and role changes reduce the risk. Because the advisory ties the defect to imports performed while FIM is running, and especially to imports that also create or change roles, imports of that kind deserve extra scrutiny until the upgrade is applied; any user created by such an import should have its effective permissions verified against its roles rather than assumed correct.
Recommended defensive actions
- Apply the update to version 9.4.0 or later as soon as possible.
- Restrict who can run tetool import; the import is an administrative operation (CVSS PR:H), so keep the set of accounts able to trigger the defect as small as the environment allows.
- Until the upgrade, treat imports that create or change roles or role-permission relationships on a running FIM instance as high-risk operations and verify their results immediately (this follows from the trigger condition described above; the advisory text reproduced on this page does not state a specific workaround).
- Closely monitor user and role changes within the FIM environment, with particular attention to users created by import and to roles the import created or changed.
- Audit existing users: compare each user's effective permissions with the union of the permissions granted by its roles, and treat any surplus on an imported user as a finding to remediate before it is exercised.
- Implement compensating controls such as additional logging and review of privileged actions taken by accounts created by import.
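The audit and monitoring steps above can be scripted against a user/role export taken before and after an import. The following is an added example written for this debrief, not code from Fortra, the advisory, or the tetool utility. It assumes a hypothetical snapshot shape (roles mapping to permission lists; users with assigned roles and a recorded effective-permission set) and uses constructed sample data; tetool's real export format is not described on this page, so loading a real export into this shape is left to the reader.

```python
"""
Added example (not from Fortra or advisory FI-2026-010): flag users whose
recorded effective permissions exceed what their roles grant, and diff two
snapshots taken around a tetool import. The data shape is hypothetical.
"""
from typing import Any, Dict, List, Set, Tuple

Roles = Dict[str, List[str]]      # role name -> permissions it grants
User = Dict[str, Any]             # {"name", "roles", "effective_permissions"}

# Constructed sample data (hypothetical role and permission names).
ROLES_BEFORE: Roles = {
    "Monitor": ["view_nodes", "view_reports"],
    "Rule Editor": ["view_nodes", "edit_rules"],
    "Administrator": ["view_nodes", "view_reports", "edit_rules",
                      "manage_users", "manage_roles"],
}
USERS_BEFORE: List[User] = [
    {"name": "admin", "roles": ["Administrator"],
     "effective_permissions": ["view_nodes", "view_reports", "edit_rules",
                               "manage_users", "manage_roles"]},
]

# After an import that changed one role, created another, and created two
# users. "svc-import-b" holds "manage_users" although none of its roles
# grants it: the kind of mismatch the advisory describes.
ROLES_AFTER: Roles = {
    **ROLES_BEFORE,
    "Rule Editor": ["view_nodes", "edit_rules", "run_checks"],   # changed
    "Auditor": ["view_reports"],                                  # created
}
USERS_AFTER: List[User] = USERS_BEFORE + [
    {"name": "svc-import-a", "roles": ["Auditor"],
     "effective_permissions": ["view_reports"]},
    {"name": "svc-import-b", "roles": ["Monitor", "Rule Editor"],
     "effective_permissions": ["view_nodes", "view_reports", "edit_rules",
                               "run_checks", "manage_users"]},
]


def expected_permissions(user: User, roles: Roles) -> Set[str]:
    """Union of the permissions granted by the user's assigned roles."""
    granted: Set[str] = set()
    for role in user["roles"]:
        if role not in roles:
            raise ValueError(f"{user['name']}: unknown role {role!r}")
        granted.update(roles[role])
    return granted


def find_elevations(users: List[User], roles: Roles) -> Dict[str, List[str]]:
    """Users whose recorded effective permissions exceed their role grants."""
    findings: Dict[str, List[str]] = {}
    for user in users:
        extra = set(user["effective_permissions"]) - expected_permissions(user, roles)
        if extra:
            findings[user["name"]] = sorted(extra)
    return findings


def diff_roles(before: Roles, after: Roles) -> Dict[str, Tuple[str, List[str]]]:
    """Roles created, or whose permission set changed, between two snapshots."""
    changes: Dict[str, Tuple[str, List[str]]] = {}
    for name, perms in after.items():
        if name not in before:
            changes[name] = ("created", sorted(perms))
        elif set(perms) != set(before[name]):
            changes[name] = ("changed", sorted(set(perms) ^ set(before[name])))
    return changes


def diff_users(before: List[User], after: List[User]) -> Dict[str, Tuple[str, List[str]]]:
    """Users created, or whose effective permissions grew, between two snapshots."""
    prior = {u["name"]: set(u["effective_permissions"]) for u in before}
    changes: Dict[str, Tuple[str, List[str]]] = {}
    for user in after:
        name, now = user["name"], set(user["effective_permissions"])
        if name not in prior:
            changes[name] = ("created", sorted(now))
        elif now - prior[name]:
            changes[name] = ("expanded", sorted(now - prior[name]))
    return changes


if __name__ == "__main__":
    for role, (what, perms) in diff_roles(ROLES_BEFORE, ROLES_AFTER).items():
        print(f"role {role}: {what} {perms}")
    for name, (what, perms) in diff_users(USERS_BEFORE, USERS_AFTER).items():
        print(f"user {name}: {what} {perms}")
    for name, extra in find_elevations(USERS_AFTER, ROLES_AFTER).items():
        print(f"ELEVATION {name}: effective permissions not granted by any role: {extra}")
```

The role and user diffs answer "what did this import touch"; find_elevations answers the question the advisory raises, whether any account's effective permissions are larger than the union of its roles. Run it over the post-import snapshot after every import on an unpatched instance, and again after upgrading to confirm no stale grants remain.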
Evidence notes
The CVE record and the NVD entry provide the official description; Fortra's advisory FI-2026-010 carries the remediation guidance. Affected versions are those prior to 9.4.0. The CVSS vector requires local access with high privileges, so triggering the defect presupposes an operator who can already run tetool import; the practical concern is therefore as much an unintended mis-grant during a legitimate import as a deliberate one.
Official resources
- CVE-2026-12164 CVE record (CVE.org)
- CVE-2026-12164 NVD detail (NVD)
- Source item: nvd_modified
- Source reference: df4dee71-de3a-4139-9588-11b62fe6c0ff
This article is AI-assisted and based on the supplied source corpus.