{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-4433", "assignerOrgId": "5ac1ecc2-367a-4d16-a0b2-35d495ddd0be", "state": "PUBLISHED", "assignerShortName": "tenable", "dateReserved": "2026-03-19T16:38:57.418Z", "datePublished": "2026-03-24T20:26:15.338Z", "dateUpdated": "2026-03-25T14:27:17.139Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "5ac1ecc2-367a-4d16-a0b2-35d495ddd0be", "shortName": "tenable", "dateUpdated": "2026-03-24T20:26:15.338Z"}, "problemTypes": [{"descriptions": [{"lang": "en", "cweId": "CWE-16", "description": "CWE-16: Configuration", "type": "CWE"}]}], "affected": [{"vendor": "Tenable, Inc.", "product": "Tenable Operation Technology", "platforms": ["Linux", "64 bit"], "versions": [{"status": "affected", "version": "3.18.58", "lessThanOrEqual": "4.2.40", "versionType": "custom"}], "defaultStatus": "unaffected"}], "descriptions": [{"lang": "en", "value": "An SSH misconfigurations exists in Tenable OT that led to the potential exfiltration of socket, port, and service information via the ostunnel user and GatewayPorts. This could be used to potentially glean information about the underlying system and give an attacker information that could be used to attempt to compromise the host.", "supportingMedia": [{"type": "text/html", "base64": false, "value": "An SSH misconfigurations exists in Tenable OT that led to the potential exfiltration of socket, port, and service information via the ostunnel user and GatewayPorts. This could be used to potentially glean information about the underlying system and give an attacker information that could be used to attempt to compromise the host."}]}], "references": [{"url": "https://www.tenable.com/security/tns-2026-9"}], "metrics": [{"format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}], "cvssV4_0": {"attackVector": "NETWORK", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "LOW", "userInteraction": "ACTIVE", "vulnConfidentialityImpact": "LOW", "subConfidentialityImpact": "NONE", "vulnIntegrityImpact": "LOW", "subIntegrityImpact": "NONE", "vulnAvailabilityImpact": "NONE", "subAvailabilityImpact": "NONE", "exploitMaturity": "PROOF_OF_CONCEPT", "Safety": "NOT_DEFINED", "Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "valueDensity": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED", "version": "4.0", "baseSeverity": "LOW", "baseScore": 1.9, "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:A/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:P"}}], "solutions": [{"lang": "en", "value": "Tenable has released Tenable OT Security and Tenable OT Security Enterprise Manager ISOs that contains the fix for new installations of the product. The installation files can be obtained from the Tenable Downloads Portal (https://www.tenable.com/downloads/tenable-appliance).\n\nTenable has released the patch to address this issue within the currently deployed products.", "supportingMedia": [{"type": "text/html", "base64": false, "value": "<p>Tenable has released Tenable OT Security and Tenable OT Security Enterprise Manager ISOs that contains the fix for new installations of the product. The installation files can be obtained from the Tenable Downloads Portal (https://www.tenable.com/downloads/tenable-appliance).</p><p>Tenable has released the patch to address this issue within the currently deployed products.</p>"}]}], "source": {"discovery": "UNKNOWN"}, "x_generator": {"engine": "Vulnogram 1.0.1"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-03-25T14:23:02.123837Z", "id": "CVE-2026-4433", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-25T14:27:17.139Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-4433", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-03-25T14:23:02.123837Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-25T14:23:37.008Z"}}], "cna": {"source": {"discovery": "UNKNOWN"}, "metrics": [{"format": "CVSS", "cvssV4_0": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "NOT_DEFINED", "baseScore": 1.9, "Automatable": "NOT_DEFINED", "attackVector": "NETWORK", "baseSeverity": "LOW", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:A/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:P", "exploitMaturity": "PROOF_OF_CONCEPT", "providerUrgency": "NOT_DEFINED", "userInteraction": "ACTIVE", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "LOW", "subIntegrityImpact": "NONE", "vulnIntegrityImpact": "LOW", "subAvailabilityImpact": "NONE", "vulnAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "vulnConfidentialityImpact": "LOW", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "Tenable, Inc.", "product": "Tenable Operation Technology", "versions": [{"status": "affected", "version": "3.18.58", "versionType": "custom", "lessThanOrEqual": "4.2.40"}], "platforms": ["Linux", "64 bit"], "defaultStatus": "unaffected"}], "solutions": [{"lang": "en", "value": "Tenable has released Tenable OT Security and Tenable OT Security Enterprise Manager ISOs that contains the fix for new installations of the product. The installation files can be obtained from the Tenable Downloads Portal (https://www.tenable.com/downloads/tenable-appliance).\n\nTenable has released the patch to address this issue within the currently deployed products.", "supportingMedia": [{"type": "text/html", "value": "<p>Tenable has released Tenable OT Security and Tenable OT Security Enterprise Manager ISOs that contains the fix for new installations of the product. The installation files can be obtained from the Tenable Downloads Portal (https://www.tenable.com/downloads/tenable-appliance).</p><p>Tenable has released the patch to address this issue within the currently deployed products.</p>", "base64": false}]}], "references": [{"url": "https://www.tenable.com/security/tns-2026-9"}], "x_generator": {"engine": "Vulnogram 1.0.1"}, "descriptions": [{"lang": "en", "value": "An SSH misconfigurations exists in Tenable OT that led to the potential exfiltration of socket, port, and service information via the ostunnel user and GatewayPorts. This could be used to potentially glean information about the underlying system and give an attacker information that could be used to attempt to compromise the host.", "supportingMedia": [{"type": "text/html", "value": "An SSH misconfigurations exists in Tenable OT that led to the potential exfiltration of socket, port, and service information via the ostunnel user and GatewayPorts. This could be used to potentially glean information about the underlying system and give an attacker information that could be used to attempt to compromise the host.", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-16", "description": "CWE-16: Configuration"}]}], "providerMetadata": {"orgId": "5ac1ecc2-367a-4d16-a0b2-35d495ddd0be", "shortName": "tenable", "dateUpdated": "2026-03-24T20:26:15.338Z"}}}, "cveMetadata": {"cveId": "CVE-2026-4433", "state": "PUBLISHED", "dateUpdated": "2026-03-25T14:27:17.139Z", "dateReserved": "2026-03-19T16:38:57.418Z", "assignerOrgId": "5ac1ecc2-367a-4d16-a0b2-35d495ddd0be", "datePublished": "2026-03-24T20:26:15.338Z", "assignerShortName": "tenable"}, "dataVersion": "5.2"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "An SSH misconfigurations exists in Tenable OT that led to the potential exfiltration of socket, port, and service information via the ostunnel user and GatewayPorts. This could be used to potentially glean information about the underlying system and give an attacker information that could be used to attempt to compromise the host."}, {"lang": "es", "value": "Existe una mala configuraci\u00f3n de SSH en Tenable OT que llev\u00f3 a la posible exfiltraci\u00f3n de informaci\u00f3n de sockets, puertos y servicios a trav\u00e9s del usuario ostunnel y GatewayPorts. Esto podr\u00eda usarse para potencialmente recopilar informaci\u00f3n sobre el sistema subyacente y proporcionar a un atacante informaci\u00f3n que podr\u00eda usarse para intentar comprometer el host."}], "id": "CVE-2026-4433", "lastModified": "2026-03-25T15:41:58.280", "metrics": {"cvssMetricV40": [{"cvssData": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "NETWORK", "availabilityRequirement": "NOT_DEFINED", "baseScore": 4.8, "baseSeverity": "MEDIUM", "confidentialityRequirement": "NOT_DEFINED", "exploitMaturity": "PROOF_OF_CONCEPT", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "privilegesRequired": "LOW", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "ACTIVE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:A/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnAvailabilityImpact": "NONE", "vulnConfidentialityImpact": "LOW", "vulnIntegrityImpact": "LOW", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "source": "vulnreport@tenable.com", "type": "Secondary"}]}, "published": "2026-03-24T21:16:29.687", "references": [{"source": "vulnreport@tenable.com", "url": "https://www.tenable.com/security/tns-2026-9"}], "sourceIdentifier": "vulnreport@tenable.com", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-16"}], "source": "vulnreport@tenable.com", "type": "Secondary"}]}

{}

{"affected": [{"configurations": [{"platform": ["linux", "64_bit"], "status": "affected", "versions": {"scheme": "semver", "value": "[3.18.58,4.2.40]"}}], "enrichment": {"confidence": 100.0, "confidence_source": "inferred", "scores": [{"score": 100.0, "source": "inferred"}]}, "product": "tenable_operation_technology", "vendor": "tenable"}], "created": "2026-03-25T11:45:57.216563+00:00", "updated": "2026-03-25T11:45:57.216649+00:00", "vendors": ["tenable", "tenable$PRODUCT$tenable_operation_technology"]}