Back

Critical Vulnerabilities Discovered in CrowdStrike LogScale and Other Security Tools

Severity: High (Score: 74.0)

Sources: Scworld, Securityaffairs.Co, Crowe, www.securityweek.com

Summary

CrowdStrike disclosed a critical vulnerability (CVE-2026-40050) in its LogScale product, allowing unauthenticated attackers to exploit a path traversal flaw to access sensitive files. This vulnerability affects self-hosted LogScale customers, while SaaS users have been mitigated. Additionally, Tenable reported a high-severity vulnerability (CVE-2026-33694) in its Nessus scanner, which could allow file deletion or arbitrary code execution. Microsoft patched a privilege escalation vulnerability (CVE-2026-40372) in ASP.NET Core, and a new Linux vulnerability (CVE-2026-41651) allows full root access on affected systems. The incidents highlight ongoing risks in third-party dependencies and data protection, particularly in the UAE's financial and government sectors. Organizations are urged to prioritize patch management and strengthen vendor risk assessments. AI advancements in cybersecurity also raise concerns about unauthorized access to tools designed for vulnerability discovery. Key Points: • CVE-2026-40050 allows unauthenticated access to files in CrowdStrike LogScale. • Tenable's Nessus scanner has a high-severity vulnerability (CVE-2026-33694) affecting Windows. • Organizations must enhance patch management and vendor risk assessments to mitigate risks.

Key Entities

  • Data Breach (attack_type)
  • Zero-day Exploit (attack_type)
  • Anthropic (company)
  • CrowdStrike (company)
  • Tenable (company)
  • Vercel (company)
  • CVE-2026-33694 (cve)
  • CVE-2026-40050 (cve)
  • CVE-2026-40372 (cve)
  • CVE-2026-41651 (cve)
  • CWE-200 - Exposure of Sensitive Information (cwe)
  • CWE-22 - Path Traversal (cwe)
  • CWE-269 - Improper Privilege Management (cwe)
  • Financial (industry)
  • Government (industry)
  • Healthcare (industry)
  • ASP.NET Core (platform)
  • Claude Mythos AI Model (platform)
  • CrowdStrike LogScale (platform)
  • Firefox (platform)
  • Gpt-5.5 (platform)
  • Mythos (tool)
  • Nessus (tool)
  • Pack2TheRoot (vulnerability)
Loading threat details...

Threat Not Found

The threat cluster you're looking for doesn't exist or has been removed.

Return to Feed