Vulnerabilities Patched in CrowdStrike, Tenable Products
Briefly

"CrowdStrike published an advisory for CVE-2026-40050, a critical unauthenticated path traversal vulnerability affecting its LogScale product. The flaw can allow a remote attacker to read arbitrary files from the server filesystem."
"Tenable published two new advisories on Thursday. They describe the same high-severity vulnerability found in the company's Nessus vulnerability scanner, specifically on Windows."
"The vulnerability is tracked as CVE-2026-33694 and an attacker could exploit it via junctions to delete arbitrary files with System privileges. Exploitation could also lead to arbitrary code execution with elevated privileges."
CrowdStrike identified a critical unauthenticated path traversal vulnerability in its LogScale product that allows a remote attacker to read files from the server. Next-Gen SIEM customers are unaffected, and the issue has already been mitigated for LogScale SaaS customers. Self-hosted customers must update to a patched version. Tenable reported a high-severity vulnerability in its Nessus vulnerability scanner on Windows, which could allow attackers to delete files and execute arbitrary code with elevated privileges. Separate advisories were issued for Nessus and Nessus Agent.
Read at SecurityWeek