Vulnerabilities Patched in CrowdStrike, Tenable Products

CrowdStrike and Tenable informed customers this week about potentially serious vulnerabilities found and patched in their products. CrowdStrike published an advisory for CVE-2026-40050, a critical unauthenticated path traversal vulnerability affecting its LogScale product. The flaw can allow a remote attacker to read arbitrary files from the server filesystem. The cybersecurity giant pointed out that Next-Gen SIEM customers are not affected and the vulnerability has been mitigated for LogScale SaaS customers. LogScale Self-hosted customers have been advised to update to a patched version. CrowdStrike said the vulnerability was discovered internally and there is no evidence of exploitation in the wild based on a review of log data. Tenable published two new advisories on Thursday. They describe the same high-severity vulnerability found in the company’s Nessus vulnerability scanner, specifically on Windows. The vulnerability is tracked as CVE-2026-33694 and an attacker could exploit it via junctions to delete arbitrary files with System privileges. Exploitation could also lead to arbitrary code execution with elevated privileges. Tenable published separate advisories for Nessus and Nessus Agent.  Related: Claude’s New AI Vulnerability Scanner Sends Cybersecurity Shares Plunging Related: CISA: Hackers Exploiting Vulnerability in Product of Taiwan Security Firm TeamT5 Related: Trend Micro Patches Critical Apex One Vulnerabilities WRITTEN BY Eduard Kovacs Eduard Kovacs (@EduardKovacs) is senior managing editor at SecurityWeek. He worked as a high school IT teacher before starting a career in journalism in 2011. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering. More from Eduard Kovacs AI Can Autonomously Hack Cloud Systems With Minimal Oversight: Researchers  After Bluesky, Mastodon Targeted in DDoS Attack Claude Mythos Finds 271 Firefox Vulnerabilities Google Antigravity in Crosshairs of Security Researchers, Cybercriminals Third US Security Expert Admits Helping Ransomware Gang Unsecured Perforce Servers Expose Sensitive Data From Major Orgs Data Breaches at Healthcare Organizations in Illinois and Texas Affect 600,000 Serial-to-IP Converter Flaws Expose OT and Healthcare Systems to Hacking Latest News US Federal Agency’s Cisco Firewall Infected With ‘Firestarter’ Backdoor Trump Administration Vows Crackdown on Chinese Companies ‘Exploiting’ AI Models Made in US Bitwarden NPM Package Hit in Supply Chain Attack Copperhelm Raises $7 Million for Agentic Cloud Security Platform Cloudsmith Raises $72 Million in Series C Funding Chinese Cybersecurity Firm’s AI Hacking Claims Draw Comparisons to Claude Mythos Rilian Raises $17.5 Million for AI-Native Security Orchestration The Behavioral Shift: Why Trusted Relationships Are the Newest Attack Surface Trending Webinar: A Step-By-Step Approach To AI Governance April 28, 2026 With "Shadow AI" usage becoming prevalent in organizations, learn how to balance the need for rapid experimentation with the rigorous controls required for enterprise-grade deployment. Register Virtual Event: Threat Detection And Incident Response Summit May 20, 2026 Delve into big-picture strategies to reduce attack surfaces, improve patch management, conduct post-incident forensics, and tools and tricks needed in a modern organization. Register People on the Move Claroty has appointed John Ryan as Vice President of Worldwide Partner Ecosystem. Irving Bruckstein has been appointed Chief Executive Officer at Cyber A.I. Group. Anti-ransomware platform Halcyon has named Kirstjen Nielsen and Chris Inglis as Strategic Advisors. More People On The Move Expert Insights Government Can’t Win The Cyber War Without The Private Sector Securing national resilience now depends on faster, deeper partnerships with the private sector. (Steve Durbin) The Hidden ROI Of Visibility: Better Decisions, Better Behavior, Better Security Beyond monitoring and compliance, visibility acts as a powerful deterrent, shaping user behavior, improving collaboration, and enabling more accurate, data-driven security decisions. (Joshua Goldfarb) The New Rules Of Engagement: Matching Agentic Attack Speed The cybersecurity response to AI-enabled nation-state threats cannot be incremental. It must be architectural. (Nadir Izrael) The Next Cybersecurity Crisis Isn’t Breaches—It’s Data You Can’t Trust Data integrity shouldn’t be seen only through the prism of a technical concern but also as a leadership issue. (Steve Durbin) Why Agentic AI Systems Need Better Governance – Lessons From OpenClaw Agentic AI platforms are shifting from passive recommendation tools to autonomous action-takers with real system access, (Etay Maor) Flipboard Reddit Whatsapp Email