SSH Misconfig in Tenable OT Exposes Service Info via GatewayPorts
CVE-2026-4433 Published on March 24, 2026
An SSH misconfigurations exists in Tenable OT that led to the potential exfiltration of socket, port, and service information via the ostunnel user and GatewayPorts. This could be used to potentially glean information about the underlying system and give an attacker information that could be used to attempt to compromise the host.
Weakness Type
Configuration
Weaknesses in this category are typically introduced during the configuration of the software.
Affected Versions
Tenable, Inc. Tenable Operation Technology:- Version 3.18.58, <= 4.2.40 is affected.
Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.