CVE-2026-4433
CWE-16 · Published: March 24, 2026 · Updated: Mar 25, 2026
Official Description
An SSH misconfiguration exists in Tenable OT that led to the potential exfiltration of socket, port, and service information via the ostunnel user and GatewayPorts. This could be used to potentially glean information about the underlying system and give an attacker information that could be used to attempt to compromise the host.
Technical Analysis
CVE-2026-4433 can be exploited remotely over the network without requiring physical or adjacent access, significantly expanding the attack surface for threat actors.
Exploitation requires low privileges, which limits the exposure to scenarios where an attacker has already gained initial access.
CVSS v3.1 Vector Breakdown
Exploit & PoC Resources
News & Research Mentioning CVE-2026-4433
Threat actors have been observed attempting to exploit a recently disclosed security vulnerability in PraisonAI, an open-source multi-agent orchestration framework, within four hours of its public disclosure. The vulnerability in question is CVE-2026-44338 (CVSS score: 7.3), a case of missing authentication that exposes sensitive endpoints to anyone, potentially allowing an attacker to invoke [Source: The Hacker News]
All References (1)
Quick Facts
Recommended Actions
- Apply vendor patches immediately
- Monitor CVE-2026-4433 in threat intel feeds
- Review IDS/IPS signatures for exploitation attempts