{"api_version":"1","generated_at":"2026-06-24T07:16:58+00:00","cve":"CVE-2026-12164","urls":{"html":"https://cve.report/CVE-2026-12164","api":"https://cve.report/api/cve/CVE-2026-12164.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2026-12164","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2026-12164"},"summary":{"title":"Privilege Escalation in Fortra File Integrity Monitoring (FIM)","description":"Fortra File Integrity Monitoring (FIM), formerly Tripwire Enterprise, versions prior to 9.4.0 may assign incorrect or elevated effective permissions to users created by the tetool import command while FIM is running, particularly when the import also creates or changes roles or role-permission relationships.","state":"PUBLISHED","assigner":"Fortra","published_at":"2026-06-23 23:16:49","updated_at":"2026-06-23 23:16:49"},"problem_types":["CWE-266","CWE-266 CWE-266 Incorrect privilege assignment"],"metrics":[{"version":"3.1","source":"df4dee71-de3a-4139-9588-11b62fe6c0ff","type":"Secondary","score":"4.4","severity":"MEDIUM","vector":"CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N","data":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N","baseScore":4.4,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"HIGH","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"HIGH","availabilityImpact":"NONE"}},{"version":"3.1","source":"CNA","type":"CVSS","score":"4.4","severity":"MEDIUM","vector":"CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N","data":{"attackComplexity":"LOW","attackVector":"LOCAL","availabilityImpact":"NONE","baseScore":4.4,"baseSeverity":"MEDIUM","confidentialityImpact":"NONE","integrityImpact":"HIGH","privilegesRequired":"HIGH","scope":"UNCHANGED","userInteraction":"NONE","vectorString":"CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N","version":"3.1"}}],"references":[{"url":"https://www.fortra.com/security/advisories/product-security/fi-2026-010","name":"https://www.fortra.com/security/advisories/product-security/fi-2026-010","refsource":"df4dee71-de3a-4139-9588-11b62fe6c0ff","tags":[],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://www.cve.org/CVERecord?id=CVE-2026-12164","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-12164","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[{"source":"CNA","vendor":"Fortra","product":"File Integrity Monitoring (FIM)","version":"affected 9.4.0 semver","platforms":[]}],"timeline":[],"solutions":[{"source":"CNA","title":"","value":"Upgrade to version 9.4.0 or later.","time":"","lang":"en"}],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[]},"source_records":{"cve_program":{"containers":{"cna":{"affected":[{"defaultStatus":"unaffected","product":"File Integrity Monitoring (FIM)","vendor":"Fortra","versions":[{"lessThan":"9.4.0","status":"affected","version":"0","versionType":"semver"}]}],"descriptions":[{"lang":"en","supportingMedia":[{"base64":false,"type":"text/html","value":"Fortra File Integrity Monitoring (FIM), formerly Tripwire Enterprise, versions prior to 9.4.0 may assign incorrect or elevated effective permissions to users created by the tetool import command while FIM is running, particularly when the import also creates or changes roles or role-permission relationships."}],"value":"Fortra File Integrity Monitoring (FIM), formerly Tripwire Enterprise, versions prior to 9.4.0 may assign incorrect or elevated effective permissions to users created by the tetool import command while FIM is running, particularly when the import also creates or changes roles or role-permission relationships."}],"impacts":[{"capecId":"CAPEC-233","descriptions":[{"lang":"en","value":"CAPEC-233 Privilege Escalation"}]}],"metrics":[{"cvssV3_1":{"attackComplexity":"LOW","attackVector":"LOCAL","availabilityImpact":"NONE","baseScore":4.4,"baseSeverity":"MEDIUM","confidentialityImpact":"NONE","integrityImpact":"HIGH","privilegesRequired":"HIGH","scope":"UNCHANGED","userInteraction":"NONE","vectorString":"CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N","version":"3.1"},"format":"CVSS","scenarios":[{"lang":"en","value":"GENERAL"}]}],"problemTypes":[{"descriptions":[{"cweId":"CWE-266","description":"CWE-266 Incorrect privilege assignment","lang":"en","type":"CWE"}]}],"providerMetadata":{"dateUpdated":"2026-06-23T22:25:18.710Z","orgId":"df4dee71-de3a-4139-9588-11b62fe6c0ff","shortName":"Fortra"},"references":[{"url":"https://www.fortra.com/security/advisories/product-security/fi-2026-010"}],"solutions":[{"lang":"en","supportingMedia":[{"base64":false,"type":"text/html","value":"Upgrade to version 9.4.0 or later."}],"value":"Upgrade to version 9.4.0 or later."}],"source":{"discovery":"UNKNOWN"},"title":"Privilege Escalation in Fortra File Integrity Monitoring (FIM)","x_generator":{"engine":"Vulnogram 1.0.2"}}},"cveMetadata":{"assignerOrgId":"df4dee71-de3a-4139-9588-11b62fe6c0ff","assignerShortName":"Fortra","cveId":"CVE-2026-12164","datePublished":"2026-06-23T22:15:37.683Z","dateReserved":"2026-06-12T19:31:35.041Z","dateUpdated":"2026-06-23T22:25:18.710Z","state":"PUBLISHED"},"dataType":"CVE_RECORD","dataVersion":"5.2"},"nvd":{"publishedDate":"2026-06-23 23:16:49","lastModifiedDate":"2026-06-23 23:16:49","problem_types":["CWE-266","CWE-266 CWE-266 Incorrect privilege assignment"],"metrics":{"cvssMetricV31":[{"source":"df4dee71-de3a-4139-9588-11b62fe6c0ff","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N","baseScore":4.4,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"HIGH","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":0.8,"impactScore":3.6}]},"configurations":[]},"legacy_mitre":{"record":{"CveYear":"2026","CveId":"12164","Ordinal":"1","Title":"Privilege Escalation in Fortra File Integrity Monitoring (FIM)","CVE":"CVE-2026-12164","Year":"2026"},"notes":[{"CveYear":"2026","CveId":"12164","Ordinal":"1","NoteData":"Fortra File Integrity Monitoring (FIM), formerly Tripwire Enterprise, versions prior to 9.4.0 may assign incorrect or elevated effective permissions to users created by the tetool import command while FIM is running, particularly when the import also creates or changes roles or role-permission relationships.","Type":"Description","Title":"Privilege Escalation in Fortra File Integrity Monitoring (FIM)"}]}}}