CVE-2026-4433

Summary

An SSH misconfigurations exists in Tenable OT that led to the potential exfiltration of socket, port, and service information via the ostunnel user and GatewayPorts. This could be used to potentially glean information about the underlying system and give an attacker information that could be used to attempt to compromise the host.

Affected Software

VendorProductVersion RangeStatus
Tenable, Inc.Tenable Operation Technology3.18.58 <= 4.2.40affected

Weaknesses

  • CWE-16: CWE-16: Configuration

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References