CVE Vulnerabilities

CVE-2026-12164

Incorrect Privilege Assignment

Published: Jun 23, 2026 | Modified: Jun 29, 2026
CVSS 3.x
N/A
Source:
NVD
CVSS 2.x
RedHat/V2
RedHat/V3
Ubuntu
root.io logo minimus.io logo echo.ai logo

Fortra File Integrity Monitoring (FIM), formerly Tripwire Enterprise, versions prior to 9.4.0 may assign incorrect or elevated effective permissions to users created by the tetool import command while FIM is running, particularly when the import also creates or changes roles or role-permission relationships.

Weakness

A product incorrectly assigns a privilege to a particular actor, creating an unintended sphere of control for that actor.

Affected Software

NameVendorStart VersionEnd Version
File_integrity_monitoringFortra*9.4.0 (excluding)

Potential Mitigations

References