CVE-2026-4433
SSH Misconfiguration in Tenable OT Enables Information Disclosure
Publication date: 2026-03-24
Last updated on: 2026-04-29
Assigner: Tenable Network Security, Inc.
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| tenable | ot | * |
| tenable | ot_platform | to 4.2.40 (exc) |
| tenable | ot_platform | From 4.2.40 (inc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-16 | Configuration |
Attack-Flow Graph
AI Powered Q&A
How can this vulnerability impact me? :
[{'type': 'paragraph', 'content': "This vulnerability could allow an attacker to obtain sensitive information about the system's sockets, ports, and services by exploiting the SSH misconfiguration."}, {'type': 'paragraph', 'content': 'With this information, an attacker might be able to plan and execute further attacks to compromise the host, potentially leading to unauthorized access or disruption.'}] [1]
Can you explain this vulnerability to me?
The CVE-2026-4433 vulnerability is an SSH misconfiguration in Tenable OT Platform versions 4.2.40 and earlier. This misconfiguration allows potential exfiltration of socket, port, and service information through the ostunnel user and the use of GatewayPorts.
This information disclosure could enable an attacker to gather details about the underlying system, which might be leveraged to attempt further compromise of the host.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
I don't know
How can this vulnerability be detected on my network or system? Can you suggest some commands?
[{'type': 'paragraph', 'content': 'The vulnerability involves an SSH misconfiguration in Tenable OT Platform versions 4.2.40 and earlier, specifically related to the ostunnel user and GatewayPorts allowing potential exfiltration of socket, port, and service information.'}, {'type': 'paragraph', 'content': 'To detect this vulnerability on your system, you should check the SSH configuration for the presence and settings of the ostunnel user and verify if GatewayPorts is enabled.'}, {'type': 'list_item', 'content': 'Check if the ostunnel user exists: `id ostunnel` or `grep ostunnel /etc/passwd`'}, {'type': 'list_item', 'content': 'Inspect the SSH daemon configuration file (usually `/etc/ssh/sshd_config`) for the GatewayPorts setting: `grep GatewayPorts /etc/ssh/sshd_config`'}, {'type': 'list_item', 'content': "Verify if GatewayPorts is set to 'yes' or enabled, which could allow remote port forwarding and information leakage."}, {'type': 'list_item', 'content': 'Review active SSH sessions and port forwarding rules related to the ostunnel user to detect suspicious activity.'}] [1]
What immediate steps should I take to mitigate this vulnerability?
To mitigate this vulnerability, it is strongly advised to apply the official security patch released by Tenable, identified as tenable-ot-platform-137.
Alternatively, upgrading to a fixed version of the Tenable OT Platform released after March 18, 2026, will also resolve the issue.
In the meantime, you can reduce risk by disabling GatewayPorts in the SSH configuration if it is not required.
- Apply the security patch tenable-ot-platform-137 immediately.
- Upgrade to the latest fixed version of Tenable OT Platform.
- Disable GatewayPorts by setting `GatewayPorts no` in `/etc/ssh/sshd_config` and restarting the SSH service.
- Review and restrict SSH user permissions, especially for the ostunnel user.