CrowdStrike has patched CVE-2026-40050, a critical (CVSS 9.8) unauthenticated path traversal vulnerability in its LogScale product that allows remote attackers to read arbitrary files from the server. Tenable has addressed CVE-2026-33694, a high-severity flaw in its Nessus scanner for Windows that could allow arbitrary file deletion or code execution with System privileges. Self-hosted LogScale customers must apply the provided patch, while Nessus for Windows users should update to the fixed version.
Endpoint/Device Security , Vulnerability Management , Patch/Configuration Management CrowdStrike and Tenable address critical vulnerabilities in security products April 27, 2026 Share By SC Staff Security Week reports that two major cybersecurity firms, CrowdStrike and Tenable, have recently informed their customers about significant vulnerabilities discovered and subsequently patched within their product offerings. CrowdStrike issued an advisory for CVE-2026-40050, a critical unauthenticated path traversal vulnerability impacting its LogScale product. This flaw could permit a remote attacker to read arbitrary files from the server. While Next-Gen SIEM customers are unaffected and LogScale SaaS users have had the vulnerability mitigated, self-hosted LogScale customers are urged to update to a patched version. CrowdStrike stated the vulnerability was found internally with no evidence of exploitation in the wild. Concurrently, Tenable published advisories for CVE-2026-33694, a high-severity vulnerability affecting its Nessus vulnerability scanner on Windows. This issue could allow an attacker to delete arbitrary files with System privileges or execute arbitrary code. Source: Security Week SC Staff Related Threat Management Medtronic says cyberattack did not disrupt its operations Steve Zurier April 27, 2026 Attack raised concerns because it was second one on a major medical device maker since the Iran war started. Application security Ring the alarm! Your IT security program has a mobile-app gap Paul Wagenseil April 23, 2026 As mobile apps take over the digital landscape, securing them effectively is essential. Cloud Security CrowdStrike expands cloud security to Google Cloud SC Staff April 23, 2026 Announced at Google Cloud Next 2026, the expansion integrates Google Cloud alongside AWS and Azure into CrowdStrike CDR's real-time monitoring capabilities. Get daily email updates SC Media's daily must-read of the most current and pressing daily news Business Email By clicking the Subscribe button below, you agree to SC Media Terms of Use and Privacy Policy . Subscribe Related Terms Antivirus Software Bring Your Own Device (BYOD) Buffer Overflow Bug Disassembly Endpoint Security Ephemeral Port Extranet Firmware Registry You can skip this ad in 5 seconds