Vulnerabilities Patched - CrowdStrike and Tenable Fix Issues

CrowdStrike and Tenable have patched critical vulnerabilities in their products. Users must update to protect against potential attacks. Stay informed and secure your systems.


Original Reporting

SecurityWeek · Eduard Kovacs

AI Summary

CyberPings AI · Reviewed by Rohit Rana

🎯 Basically, CrowdStrike and Tenable fixed serious security holes in their software that hackers could use.

What Happened

CrowdStrike and Tenable recently announced the discovery and patching of serious vulnerabilities in their products. These flaws could potentially allow attackers to exploit affected systems, which underscores the importance of timely updates for users.

The Flaw

CrowdStrike's vulnerability, tracked as CVE-2026-40050, is a critical unauthenticated path traversal issue in its LogScale product. This flaw could enable a remote attacker to read arbitrary files from the server’s filesystem. Fortunately, CrowdStrike noted that Next-Gen SIEM customers are not affected, and the vulnerability has been mitigated for LogScale SaaS customers. However, self-hosted LogScale customers must update to a patched version to ensure their systems are secure.

Separately, Tenable addressed a high-severity vulnerability in its Nessus vulnerability scanner, identified as CVE-2026-33694. This flaw could allow an attacker to exploit junctions to delete arbitrary files with System privileges and potentially execute arbitrary code with elevated privileges. Tenable released advisories for both the Nessus and Nessus Agent products.

What's at Risk

The vulnerabilities pose significant risks to users of the affected products. If exploited, the CrowdStrike flaw could lead to unauthorized access to sensitive files, while the Tenable vulnerability could allow attackers to delete critical files or execute malicious code on targeted systems.

Patch Status

Both companies have released patches to address these vulnerabilities. CrowdStrike has confirmed that the vulnerability was discovered internally and that there is no evidence of exploitation in the wild based on log data. Users of LogScale self-hosted versions are strongly advised to apply the latest updates. Tenable has also published advisories detailing the necessary updates for Nessus and Nessus Agent users.

Immediate Actions

For users of affected products, the following actions are recommended:

Containment

  1. Update to the latest version of LogScale if you are a self-hosted customer.
  2. Review advisories from Tenable and apply necessary patches for Nessus and Nessus Agent.

By taking these steps, users can significantly reduce their risk of falling victim to potential attacks stemming from these vulnerabilities.

🔒 Pro Insight

The nature of these vulnerabilities underscores the critical need for robust patch management practices in cybersecurity.
