SSH Misconfiguration in Tenable OT Exposes System Information
CVE-2026-4433

1.9LOW

Key Information:

Vendor: Tenable, Inc.
Status: Tenable Operation Technology
Vendor: CVE Published:; 24 March 2026

🔔 Create Tenable, Inc. Vulnerability Alert

What is CVE-2026-4433?

A misconfiguration in the Secure Shell (SSH) setup of Tenable OT allows unauthorized access to socket, port, and service information via the ostunnel user and GatewayPorts feature. This vulnerability could potentially enable attackers to gather critical information about the underlying system, increasing the risk of future exploitation and compromise of the host system. It's important for users to review their configurations to enhance their security posture.

Affected Version(s)

Tenable Operation Technology Linux 3.18.58 <= 4.2.40

References

https://www.tenable.com/security/tns-2026-9

CVSS V4

Score:

1.9

Severity:

LOW

Confidentiality:

Low

Integrity:

Low

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

Unknown

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Mar 24, 2026
Vulnerability Reserved
Mar 19, 2026

CVE-2026-4433 Data

JSON