Endpoint/Device Security, Vulnerability Management, Patch/Configuration Management

CrowdStrike and Tenable address critical vulnerabilities in security products

Security Week reports that two major cybersecurity firms, CrowdStrike and Tenable, have recently informed their customers about significant vulnerabilities discovered and subsequently patched within their product offerings.

CrowdStrike issued an advisory for CVE-2026-40050, a critical unauthenticated path traversal vulnerability impacting its LogScale product. This flaw could permit a remote attacker to read arbitrary files from the server. While Next-Gen SIEM customers are unaffected and LogScale SaaS users have had the vulnerability mitigated, self-hosted LogScale customers are urged to update to a patched version. CrowdStrike stated the vulnerability was found internally with no evidence of exploitation in the wild.

Concurrently, Tenable published advisories for CVE-2026-33694, a high-severity vulnerability affecting its Nessus vulnerability scanner on Windows. This issue could allow an attacker to delete arbitrary files with System privileges or execute arbitrary code.

Source: Security Week
