Critical Path Traversal and Privilege Escalation Vulnerabilities Fixed in CrowdStrike LogScale and Tenable Nessus Products
Summary
Critical vulnerabilities in CrowdStrike LogScale and Tenable Nessus products were patched this week. The flaws exposed self-hosted LogScale instances to unauthenticated path traversal and left Windows-based Nessus scanners open to privilege escalation via junction-based attacks. CrowdStrike resolved CVE-2026-40050, a critical unauthenticated path traversal flaw in LogScale that permitted arbitrary file read access on affected servers. Tenable addressed CVE-2026-33694, a high-severity vulnerability in Nessus for Windows allowing arbitrary file deletion and potential arbitrary code execution with SYSTEM privileges through junction-based exploitation. CrowdStrike has identified no evidence of exploitation in the wild, and mitigations were automatically applied for SaaS LogScale customers. Self-hosted LogScale and Nessus users are advised to apply vendor-supplied updates immediately.
Timeline
- 24.04.2026 12:49 · 1 article
CrowdStrike LogScale Path Traversal and Tenable Nessus Privilege Escalation Vulnerabilities Patched
CrowdStrike resolved CVE-2026-40050, a critical unauthenticated path traversal vulnerability in LogScale that allowed arbitrary file access on affected servers. Tenable addressed CVE-2026-33694, a high-severity Windows-based vulnerability in Nessus enabling arbitrary file deletion and potential arbitrary code execution with SYSTEM privileges through junction exploitation. Self-hosted LogScale customers and Nessus users are advised to apply vendor updates immediately.
Sources:
- Vulnerabilities Patched in CrowdStrike, Tenable Products — www.securityweek.com — 24.04.2026 12:49
Information Snippets
- CrowdStrike LogScale is affected by CVE-2026-40050, a critical unauthenticated path traversal vulnerability enabling arbitrary file reads from the server filesystem.
First reported: 24.04.2026 12:49 · 1 source, 1 article
- Vulnerabilities Patched in CrowdStrike, Tenable Products — www.securityweek.com — 24.04.2026 12:49
- CVE-2026-40050 impacts LogScale only; Next-Gen SIEM customers are not affected, and LogScale SaaS customers received automatic mitigations.
First reported: 24.04.2026 12:49 · 1 source, 1 article
- Vulnerabilities Patched in CrowdStrike, Tenable Products — www.securityweek.com — 24.04.2026 12:49
- LogScale Self-hosted customers must update to a patched version to remediate CVE-2026-40050; no active exploitation has been detected in logs.
First reported: 24.04.2026 12:49 · 1 source, 1 article
- Vulnerabilities Patched in CrowdStrike, Tenable Products — www.securityweek.com — 24.04.2026 12:49
- Tenable issued advisories for CVE-2026-33694, a high-severity vulnerability in Nessus for Windows enabling arbitrary file deletion and potential arbitrary code execution with SYSTEM privileges via junction exploitation.
First reported: 24.04.2026 12:49 · 1 source, 1 article
- Vulnerabilities Patched in CrowdStrike, Tenable Products — www.securityweek.com — 24.04.2026 12:49
- Tenable published separate advisories for Nessus and Nessus Agent addressing CVE-2026-33694, indicating platform-specific exploitation paths.
First reported: 24.04.2026 12:49 · 1 source, 1 article
- Vulnerabilities Patched in CrowdStrike, Tenable Products — www.securityweek.com — 24.04.2026 12:49