CVE-2026-4433
Received Received - Intake
SSH Misconfiguration in Tenable OT Enables Information Disclosure

Publication date: 2026-03-24

Last updated on: 2026-04-29

Assigner: Tenable Network Security, Inc.

Description
An SSH misconfigurations exists in Tenable OT that led to the potential exfiltration of socket, port, and service information via the ostunnel user and GatewayPorts. This could be used to potentially glean information about the underlying system and give an attacker information that could be used to attempt to compromise the host.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-03-24
Last Modified
2026-04-29
Generated
2026-06-16
AI Q&A
2026-03-24
EPSS Evaluated
2026-06-15
NVD
CVE-2026-4433
EUVD
EUVD-2026-15025
Affected Vendors & Products
Showing 3 associated CPEs
Vendor Product Version / Range
tenable ot *
tenable ot_platform to 4.2.40 (exc)
tenable ot_platform From 4.2.40 (inc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-16 Configuration
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

The CVE-2026-4433 vulnerability is an SSH misconfiguration in Tenable OT Platform versions 4.2.40 and earlier. This misconfiguration allows potential exfiltration of socket, port, and service information through the ostunnel user and the use of GatewayPorts.

This information disclosure could enable an attacker to gather details about the underlying system, which might be leveraged to attempt further compromise of the host.

Impact Analysis

[{'type': 'paragraph', 'content': "This vulnerability could allow an attacker to obtain sensitive information about the system's sockets, ports, and services by exploiting the SSH misconfiguration."}, {'type': 'paragraph', 'content': 'With this information, an attacker might be able to plan and execute further attacks to compromise the host, potentially leading to unauthorized access or disruption.'}] [1]

Compliance Impact

I don't know

Detection Guidance

[{'type': 'paragraph', 'content': 'The vulnerability involves an SSH misconfiguration in Tenable OT Platform versions 4.2.40 and earlier, specifically related to the ostunnel user and GatewayPorts allowing potential exfiltration of socket, port, and service information.'}, {'type': 'paragraph', 'content': 'To detect this vulnerability on your system, you should check the SSH configuration for the presence and settings of the ostunnel user and verify if GatewayPorts is enabled.'}, {'type': 'list_item', 'content': 'Check if the ostunnel user exists: `id ostunnel` or `grep ostunnel /etc/passwd`'}, {'type': 'list_item', 'content': 'Inspect the SSH daemon configuration file (usually `/etc/ssh/sshd_config`) for the GatewayPorts setting: `grep GatewayPorts /etc/ssh/sshd_config`'}, {'type': 'list_item', 'content': "Verify if GatewayPorts is set to 'yes' or enabled, which could allow remote port forwarding and information leakage."}, {'type': 'list_item', 'content': 'Review active SSH sessions and port forwarding rules related to the ostunnel user to detect suspicious activity.'}] [1]

Mitigation Strategies

To mitigate this vulnerability, it is strongly advised to apply the official security patch released by Tenable, identified as tenable-ot-platform-137.

Alternatively, upgrading to a fixed version of the Tenable OT Platform released after March 18, 2026, will also resolve the issue.

In the meantime, you can reduce risk by disabling GatewayPorts in the SSH configuration if it is not required.

  • Apply the security patch tenable-ot-platform-137 immediately.
  • Upgrade to the latest fixed version of Tenable OT Platform.
  • Disable GatewayPorts by setting `GatewayPorts no` in `/etc/ssh/sshd_config` and restarting the SSH service.
  • Review and restrict SSH user permissions, especially for the ostunnel user.
Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-4433. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart