CrowdStrike and Tenable Patch Critical Vulnerabilities in Security Products
Severity: Medium (Score: 57.9)
Sources: Scworld, www.securityweek.com, Securityaffairs.Co
Summary
CrowdStrike and Tenable have addressed critical vulnerabilities in their security products. CrowdStrike disclosed CVE-2026-40050, a critical unauthenticated path traversal vulnerability in its LogScale product, allowing remote attackers to read arbitrary files from the server. This vulnerability affects self-hosted LogScale customers, while SaaS users remain unaffected. CrowdStrike confirmed that the vulnerability was discovered internally, with no evidence of exploitation in the wild. Concurrently, Tenable reported CVE-2026-33694, a high-severity vulnerability in its Nessus vulnerability scanner on Windows, which could enable attackers to delete files or execute arbitrary code. Both companies have urged their customers to apply the necessary patches to mitigate these risks.
Key Points:
- CVE-2026-40050 allows unauthenticated file access in CrowdStrike's LogScale product.
- Tenable's CVE-2026-33694 could enable file deletion or arbitrary code execution.
- CrowdStrike reported no evidence of exploitation for CVE-2026-40050.
Key Entities
- Data Breach (attack_type)
- Zero-day Exploit (attack_type)
- CrowdStrike (company)
- Tenable (company)
- CVE-2026-33694 (cve)
- CVE-2026-40050 (cve)
- CWE-200 - Exposure of Sensitive Information (cwe)
- CWE-22 - Path Traversal (cwe)
- LogScale (platform)
- Windows (platform)
- Nessus (tool)