{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-4433", "assignerOrgId": "5ac1ecc2-367a-4d16-a0b2-35d495ddd0be", "state": "PUBLISHED", "assignerShortName": "tenable", "dateReserved": "2026-03-19T16:38:57.418Z", "datePublished": "2026-03-24T20:26:15.338Z", "dateUpdated": "2026-03-25T14:27:17.139Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "5ac1ecc2-367a-4d16-a0b2-35d495ddd0be", "shortName": "tenable", "dateUpdated": "2026-03-24T20:26:15.338Z"}, "problemTypes": [{"descriptions": [{"lang": "en", "cweId": "CWE-16", "description": "CWE-16: Configuration", "type": "CWE"}]}], "affected": [{"vendor": "Tenable, Inc.", "product": "Tenable Operation Technology", "platforms": ["Linux", "64 bit"], "versions": [{"status": "affected", "version": "3.18.58", "lessThanOrEqual": "4.2.40", "versionType": "custom"}], "defaultStatus": "unaffected"}], "descriptions": [{"lang": "en", "value": "An SSH misconfigurations exists in Tenable OT that led to the potential exfiltration of socket, port, and service information via the ostunnel user and GatewayPorts. This could be used to potentially glean information about the underlying system and give an attacker information that could be used to attempt to compromise the host.", "supportingMedia": [{"type": "text/html", "base64": false, "value": "An SSH misconfigurations exists in Tenable OT that led to the potential exfiltration of socket, port, and service information via the ostunnel user and GatewayPorts. This could be used to potentially glean information about the underlying system and give an attacker information that could be used to attempt to compromise the host."}]}], "references": [{"url": "https://www.tenable.com/security/tns-2026-9"}], "metrics": [{"format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}], "cvssV4_0": {"attackVector": "NETWORK", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "LOW", "userInteraction": "ACTIVE", "vulnConfidentialityImpact": "LOW", "subConfidentialityImpact": "NONE", "vulnIntegrityImpact": "LOW", "subIntegrityImpact": "NONE", "vulnAvailabilityImpact": "NONE", "subAvailabilityImpact": "NONE", "exploitMaturity": "PROOF_OF_CONCEPT", "Safety": "NOT_DEFINED", "Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "valueDensity": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED", "version": "4.0", "baseSeverity": "LOW", "baseScore": 1.9, "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:A/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:P"}}], "solutions": [{"lang": "en", "value": "Tenable has released Tenable OT Security and Tenable OT Security Enterprise Manager ISOs that contains the fix for new installations of the product. The installation files can be obtained from the Tenable Downloads Portal (https://www.tenable.com/downloads/tenable-appliance).\n\nTenable has released the patch to address this issue within the currently deployed products.", "supportingMedia": [{"type": "text/html", "base64": false, "value": "<p>Tenable has released Tenable OT Security and Tenable OT Security Enterprise Manager ISOs that contains the fix for new installations of the product. The installation files can be obtained from the Tenable Downloads Portal (https://www.tenable.com/downloads/tenable-appliance).</p><p>Tenable has released the patch to address this issue within the currently deployed products.</p>"}]}], "source": {"discovery": "UNKNOWN"}, "x_generator": {"engine": "Vulnogram 1.0.1"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-03-25T14:23:02.123837Z", "id": "CVE-2026-4433", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-25T14:27:17.139Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-4433", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-03-25T14:23:02.123837Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-25T14:23:37.008Z"}}], "cna": {"source": {"discovery": "UNKNOWN"}, "metrics": [{"format": "CVSS", "cvssV4_0": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "NOT_DEFINED", "baseScore": 1.9, "Automatable": "NOT_DEFINED", "attackVector": "NETWORK", "baseSeverity": "LOW", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:A/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:P", "exploitMaturity": "PROOF_OF_CONCEPT", "providerUrgency": "NOT_DEFINED", "userInteraction": "ACTIVE", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "LOW", "subIntegrityImpact": "NONE", "vulnIntegrityImpact": "LOW", "subAvailabilityImpact": "NONE", "vulnAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "vulnConfidentialityImpact": "LOW", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "Tenable, Inc.", "product": "Tenable Operation Technology", "versions": [{"status": "affected", "version": "3.18.58", "versionType": "custom", "lessThanOrEqual": "4.2.40"}], "platforms": ["Linux", "64 bit"], "defaultStatus": "unaffected"}], "solutions": [{"lang": "en", "value": "Tenable has released Tenable OT Security and Tenable OT Security Enterprise Manager ISOs that contains the fix for new installations of the product. The installation files can be obtained from the Tenable Downloads Portal (https://www.tenable.com/downloads/tenable-appliance).\n\nTenable has released the patch to address this issue within the currently deployed products.", "supportingMedia": [{"type": "text/html", "value": "<p>Tenable has released Tenable OT Security and Tenable OT Security Enterprise Manager ISOs that contains the fix for new installations of the product. The installation files can be obtained from the Tenable Downloads Portal (https://www.tenable.com/downloads/tenable-appliance).</p><p>Tenable has released the patch to address this issue within the currently deployed products.</p>", "base64": false}]}], "references": [{"url": "https://www.tenable.com/security/tns-2026-9"}], "x_generator": {"engine": "Vulnogram 1.0.1"}, "descriptions": [{"lang": "en", "value": "An SSH misconfigurations exists in Tenable OT that led to the potential exfiltration of socket, port, and service information via the ostunnel user and GatewayPorts. This could be used to potentially glean information about the underlying system and give an attacker information that could be used to attempt to compromise the host.", "supportingMedia": [{"type": "text/html", "value": "An SSH misconfigurations exists in Tenable OT that led to the potential exfiltration of socket, port, and service information via the ostunnel user and GatewayPorts. This could be used to potentially glean information about the underlying system and give an attacker information that could be used to attempt to compromise the host.", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-16", "description": "CWE-16: Configuration"}]}], "providerMetadata": {"orgId": "5ac1ecc2-367a-4d16-a0b2-35d495ddd0be", "shortName": "tenable", "dateUpdated": "2026-03-24T20:26:15.338Z"}}}, "cveMetadata": {"cveId": "CVE-2026-4433", "state": "PUBLISHED", "dateUpdated": "2026-03-25T14:27:17.139Z", "dateReserved": "2026-03-19T16:38:57.418Z", "assignerOrgId": "5ac1ecc2-367a-4d16-a0b2-35d495ddd0be", "datePublished": "2026-03-24T20:26:15.338Z", "assignerShortName": "tenable"}, "dataVersion": "5.2"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "An SSH misconfigurations exists in Tenable OT that led to the potential exfiltration of socket, port, and service information via the ostunnel user and GatewayPorts. This could be used to potentially glean information about the underlying system and give an attacker information that could be used to attempt to compromise the host."}, {"lang": "es", "value": "Existe una mala configuraci\u00f3n de SSH en Tenable OT que llev\u00f3 a la posible exfiltraci\u00f3n de informaci\u00f3n de sockets, puertos y servicios a trav\u00e9s del usuario ostunnel y GatewayPorts. Esto podr\u00eda usarse para potencialmente recopilar informaci\u00f3n sobre el sistema subyacente y proporcionar a un atacante informaci\u00f3n que podr\u00eda usarse para intentar comprometer el host."}], "id": "CVE-2026-4433", "lastModified": "2026-04-29T01:00:01.613", "metrics": {"cvssMetricV40": [{"cvssData": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "NETWORK", "availabilityRequirement": "NOT_DEFINED", "baseScore": 1.9, "baseSeverity": "LOW", "confidentialityRequirement": "NOT_DEFINED", "exploitMaturity": "PROOF_OF_CONCEPT", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "privilegesRequired": "LOW", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "ACTIVE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:A/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnAvailabilityImpact": "NONE", "vulnConfidentialityImpact": "LOW", "vulnIntegrityImpact": "LOW", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "source": "vulnreport@tenable.com", "type": "Secondary"}]}, "published": "2026-03-24T21:16:29.687", "references": [{"source": "vulnreport@tenable.com", "url": "https://www.tenable.com/security/tns-2026-9"}], "sourceIdentifier": "vulnreport@tenable.com", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-16"}], "source": "vulnreport@tenable.com", "type": "Secondary"}]}

{}

{"affected": [{"configurations": [{"platform": ["linux", "64_bit"], "status": "affected", "versions": {"scheme": "semver", "value": "[3.18.58,4.2.40]"}}], "enrichment": {"confidence": 100.0, "confidence_source": "inferred", "scores": [{"score": 100.0, "source": "inferred"}]}, "product": "tenable_operation_technology", "vendor": "tenable"}], "analysis": {"en": {"generated_at": "2026-03-24T21:36:14.776313+00:00", "value": {"mitigation_remediation": ["Download the latest Tenable OT Security ISO from the Tenable Downloads Portal and use it for new installations. For existing deployments, apply the vendor-released patch to correct the SSH configuration. Verify that GatewayPorts is set to \"no\" and that the ostunnel user is appropriately restricted after applying the fix. Monitor SSH logs for abnormal activity to ensure the mitigation remains effective."], "summary": {"action": "Apply Patch", "impact": "Information Disclosure via SSH misconfiguration"}, "threat_synthesis": {"affected_systems": "The affected product is Tenable OT Security and Tenable OT Security Enterprise Manager, part of Tenable Operation Technology. Specific software versions are not listed, indicating that the issue applies to the currently deployed products as well as new installations when using the supplied ISO.", "description_and_impact": "A misconfiguration in the SSH configuration of Tenable OT exposes socket, port, and service information through the ostunnel user and GatewayPorts settings. This flaw allows an attacker to exfiltrate details about the underlying system, potentially aiding further compromise attempts. The vulnerability is a configuration error that can reveal critical system data.", "risk_and_exploitability": "The CVSS score of 1.9 denotes low severity, and EPSS data is not available. As Tenable has not listed this vulnerability in the CISA KEV catalog, no known exploits are publicly documented. The likely attack vector is remote, requiring an attacker to gain SSH access to the system; the misconfiguration can then be exploited to obtain service information. Given the low severity score but potential for gathering credentials or system insight, the overall risk is moderate until a patch is applied."}}}}, "created": "2026-03-25T11:45:57.216563+00:00", "title": "SSH Misconfiguration Enabling Exfiltration of Service Information in Tenable OT", "updated": "2026-03-25T20:57:23.121324+00:00", "vendors": ["tenable", "tenable$PRODUCT$tenable_operation_technology"]}