CrowdStrike and Tenable informed customers this week about potentially serious vulnerabilities found and patched in their products.
CrowdStrike published an advisory for CVE-2026-40050, a critical unauthenticated path traversal vulnerability affecting its LogScale product. The flaw can allow a remote attacker to read arbitrary files from the server filesystem.
The cybersecurity giant pointed out that Next-Gen SIEM customers are not affected and the vulnerability has been mitigated for LogScale SaaS customers.
LogScale Self-hosted customers have been advised to update to a patched version.
CrowdStrike said the vulnerability was discovered internally and there is no evidence of exploitation in the wild based on a review of log data.
Tenable published two new advisories on Thursday. They describe the same high-severity vulnerability found in the company’s Nessus vulnerability scanner, specifically on Windows.
The vulnerability is tracked as CVE-2026-33694. An attacker could exploit it via junctions to delete arbitrary files with System privileges. Exploitation could also lead to arbitrary code execution with elevated privileges.
Tenable published separate advisories for Nessus and Nessus Agent.
