CVE-2026-4433 - Vulnerability Details - OpenCVE

An SSH misconfigurations exists in Tenable OT that led to the potential exfiltration of socket, port, and service information via the ostunnel user and GatewayPorts. This could be used to potentially glean information about the underlying system and give an attacker information that could be used to attempt to compromise the host.

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Attack Requirements None

User Interaction Active

Vulnerable System Confidentiality Impact Low

Vulnerable System Integrity Impact Low

Vulnerable System Availability Impact None

Subsequent System Confidentiality Impact None

Subsequent System Integrity Impact None

Subsequent System Availability Impact None

No CVSS v3.1

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Tenable	Tenable Operation Technology

No data.

No data.

References

Link	Providers
https://www.tenable.com/security/tns-2026-9

History

Wed, 25 Mar 2026 12:00:00 +0000

Type	Values Removed	Values Added
First Time appeared		Tenable Tenable tenable Operation Technology
Vendors & Products		Tenable Tenable tenable Operation Technology

Tue, 24 Mar 2026 20:30:00 +0000

Type	Values Removed	Values Added
Description		An SSH misconfigurations exists in Tenable OT that led to the potential exfiltration of socket, port, and service information via the ostunnel user and GatewayPorts. This could be used to potentially glean information about the underlying system and give an attacker information that could be used to attempt to compromise the host.
Weaknesses		CWE-16
References		https://www.tenable.com/security/tns-2026-9
Metrics		cvssV4_0 `{'score': 1.9, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:A/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:P'}`

MITRE

Status: PUBLISHED

Assigner: tenable

Published: 2026-03-24T20:26:15.338Z

Updated: 2026-03-25T14:27:17.139Z

Reserved: 2026-03-19T16:38:57.418Z

Link: CVE-2026-4433

Vulnrichment

No data.

NVD

Status : Received

Published: 2026-03-24T21:16:29.687

Modified: 2026-03-24T21:16:29.687

Link: CVE-2026-4433

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-4433", "assignerOrgId": "5ac1ecc2-367a-4d16-a0b2-35d495ddd0be", "state": "PUBLISHED", "assignerShortName": "tenable", "dateReserved": "2026-03-19T16:38:57.418Z", "datePublished": "2026-03-24T20:26:15.338Z", "dateUpdated": "2026-03-25T14:27:17.139Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "5ac1ecc2-367a-4d16-a0b2-35d495ddd0be", "shortName": "tenable", "dateUpdated": "2026-03-24T20:26:15.338Z"}, "problemTypes": [{"descriptions": [{"lang": "en", "cweId": "CWE-16", "description": "CWE-16: Configuration", "type": "CWE"}]}], "affected": [{"vendor": "Tenable, Inc.", "product": "Tenable Operation Technology", "platforms": ["Linux", "64 bit"], "versions": [{"status": "affected", "version": "3.18.58", "lessThanOrEqual": "4.2.40", "versionType": "custom"}], "defaultStatus": "unaffected"}], "descriptions": [{"lang": "en", "value": "An SSH misconfigurations exists in Tenable OT that led to the potential exfiltration of socket, port, and service information via the ostunnel user and GatewayPorts. This could be used to potentially glean information about the underlying system and give an attacker information that could be used to attempt to compromise the host.", "supportingMedia": [{"type": "text/html", "base64": false, "value": "An SSH misconfigurations exists in Tenable OT that led to the potential exfiltration of socket, port, and service information via the ostunnel user and GatewayPorts. This could be used to potentially glean information about the underlying system and give an attacker information that could be used to attempt to compromise the host."}]}], "references": [{"url": "https://www.tenable.com/security/tns-2026-9"}], "metrics": [{"format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}], "cvssV4_0": {"attackVector": "NETWORK", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "LOW", "userInteraction": "ACTIVE", "vulnConfidentialityImpact": "LOW", "subConfidentialityImpact": "NONE", "vulnIntegrityImpact": "LOW", "subIntegrityImpact": "NONE", "vulnAvailabilityImpact": "NONE", "subAvailabilityImpact": "NONE", "exploitMaturity": "PROOF_OF_CONCEPT", "Safety": "NOT_DEFINED", "Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "valueDensity": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED", "version": "4.0", "baseSeverity": "LOW", "baseScore": 1.9, "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:A/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:P"}}], "solutions": [{"lang": "en", "value": "Tenable has released Tenable OT Security and Tenable OT Security Enterprise Manager ISOs that contains the fix for new installations of the product. The installation files can be obtained from the Tenable Downloads Portal (https://www.tenable.com/downloads/tenable-appliance).\n\nTenable has released the patch to address this issue within the currently deployed products.", "supportingMedia": [{"type": "text/html", "base64": false, "value": "<p>Tenable has released Tenable OT Security and Tenable OT Security Enterprise Manager ISOs that contains the fix for new installations of the product. The installation files can be obtained from the Tenable Downloads Portal (https://www.tenable.com/downloads/tenable-appliance).</p><p>Tenable has released the patch to address this issue within the currently deployed products.</p>"}]}], "source": {"discovery": "UNKNOWN"}, "x_generator": {"engine": "Vulnogram 1.0.1"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-03-25T14:23:02.123837Z", "id": "CVE-2026-4433", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-25T14:27:17.139Z"}}]}}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "An SSH misconfigurations exists in Tenable OT that led to the potential exfiltration of socket, port, and service information via the ostunnel user and GatewayPorts. This could be used to potentially glean information about the underlying system and give an attacker information that could be used to attempt to compromise the host."}], "id": "CVE-2026-4433", "lastModified": "2026-03-24T21:16:29.687", "metrics": {"cvssMetricV40": [{"cvssData": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "NETWORK", "availabilityRequirement": "NOT_DEFINED", "baseScore": 4.8, "baseSeverity": "MEDIUM", "confidentialityRequirement": "NOT_DEFINED", "exploitMaturity": "PROOF_OF_CONCEPT", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "privilegesRequired": "LOW", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "ACTIVE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:A/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnAvailabilityImpact": "NONE", "vulnConfidentialityImpact": "LOW", "vulnIntegrityImpact": "LOW", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "source": "vulnreport@tenable.com", "type": "Secondary"}]}, "published": "2026-03-24T21:16:29.687", "references": [{"source": "vulnreport@tenable.com", "url": "https://www.tenable.com/security/tns-2026-9"}], "sourceIdentifier": "vulnreport@tenable.com", "vulnStatus": "Received", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-16"}], "source": "vulnreport@tenable.com", "type": "Secondary"}]}