According to CrowdStrike, the advisory for CVE-2026-40050 describes a critical unauthenticated path traversal flaw in LogScale that could allow a remote attacker to read arbitrary files from the server filesystem. Next-Gen SIEM customers are not affected, and the vulnerability has been mitigated for LogScale SaaS customers; self-hosted installations are advised to update to a patched version.
CrowdStrike says the flaw was discovered internally and there is no evidence of exploitation in the wild based on its log data.
Tenable has published two advisories describing the same high-severity vulnerability found in Nessus on Windows, tracked as CVE-2026-33694, which could let an attacker delete arbitrary files with System privileges and could also lead to arbitrary code execution with elevated privileges. Tenable published separate advisories for Nessus and Nessus Agent.