CrowdStrike and Tenable knowledgeable clients this week about doubtlessly critical vulnerabilities discovered and patched of their merchandise.
CrowdStrike printed an advisory for CVE-2026-40050, a crucial unauthenticated path traversal vulnerability affecting its LogScale product. The flaw can enable a distant attacker to learn arbitrary information from the server filesystem.
The cybersecurity big identified that Subsequent-Gen SIEM clients should not affected and the vulnerability has been mitigated for LogScale SaaS clients.
LogScale Self-hosted clients have been suggested to replace to a patched model.
CrowdStrike stated the vulnerability was found internally and there’s no proof of exploitation within the wild primarily based on a overview of log information.
Tenable printed two new advisories on Thursday. They describe the identical high-severity vulnerability discovered within the firm’s Nessus vulnerability scanner, particularly on Home windows.
The vulnerability is tracked as CVE-2026-33694 and an attacker might exploit it by way of junctions to delete arbitrary information with System privileges. Exploitation might additionally result in arbitrary code execution with elevated privileges.
Tenable printed separate advisories for Nessus and Nessus Agent.
