CVE-2026-4433

LOW

Tenable OT <4.2.40 - Info Disclosure

Title source: llm

Description

An SSH misconfigurations exists in Tenable OT that led to the potential exfiltration of socket, port, and service information via the ostunnel user and GatewayPorts. This could be used to potentially glean information about the underlying system and give an attacker information that could be used to attempt to compromise the host.

References (1)

https://www.tenable.com/security/tns-2026-9

Scores

CVSS v4 1.9

EPSS 0.0005

EPSS Percentile 14.4%

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:A/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:P

Details

CWE

CWE-16

Status published

Products (1)

Tenable, Inc./Tenable Operation Technology 3.18.58 - 4.2.40

Published Mar 24, 2026

Tracked Since Mar 25, 2026