CVE-2026-12164
Privilege Escalation in Fortra File Integrity Monitoring (FIM)
Vexday Risk Score
13Low
SSVC decision (CISA)
Track
No exploitation signal → monitor
CVSS 4.4EPSS 0.1%KEV nãoPoC —Nuclei —Metasploit —Patch —
Lifecycle
23 Jun 2026Published on NVD
Recommendation: Monitor — no exploitation signal at the moment.
Fortra File Integrity Monitoring (FIM), formerly Tripwire Enterprise, versions prior to 9.4.0 may assign incorrect or elevated effective permissions to users created by the tetool import command while FIM is running, particularly when the import also creates or changes roles or role-permission relationships.
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N
Affected products
Fortra · File Integrity Monitoring (FIM)Want to know if your infrastructure is exposed to this?
Talk to TrueHacking →