CVE-2026-4433

Vulnerability

Overview

CVE-2026-4433 describes an SSH misconfiguration in Tenable OT that permits the ostunnel user to potentially exfiltrate socket, port, and service information via GatewayPorts. This misconfiguration could allow an attacker to glean details about the underlying system, which might be used to attempt further compromise of the host [1].

Exploitation

Context

The vulnerability is rooted in the SSH configuration, specifically involving the ostunnel user and the GatewayPorts setting. An attacker with access to the ostunnel user account could leverage this misconfiguration to forward ports and extract information about internal services. The attack does not require authentication beyond the ostunnel user's credentials, and the network position would need to allowlist may be bypassed if GatewayPorts is enabled [1].

Impact

If exploited, an attacker could obtain sensitive information such as open sockets, ports, and running services on the Tenable OT system. This information leakage could serve as a stepping stone for more targeted attacks, potentially leading to full host compromise. The severity is rated as Low, indicating that the vulnerability requires specific conditions and does not directly allow remote code execution or privilege escalation [1].

Mitigation

Tenable has released a patch, tenable-ot-platform-137, which addresses the SSH misconfiguration. The fix is included in Tenable OT Security and Tenable OT Security Enterprise Manager ISOs dated March 18, 2026. Users are strongly encouraged to apply the patch or upgrade to the latest ISO to remediate the vulnerability [1].