On April 24, 2026, cybersecurity leaders CrowdStrike and Tenable announced the remediation of significant security vulnerabilities within their respective software suites. CrowdStrike identified and patched a critical unauthenticated path traversal vulnerability in its LogScale observability and log management platform. Simultaneously, Tenable resolved a high-severity flaw in its Nessus vulnerability scanner. Both companies confirmed that the issues were identified through internal security research and that there is currently no evidence of these vulnerabilities being exploited by malicious actors.
The vulnerability in CrowdStrike LogScale, which provides real-time log management and threat hunting capabilities, was classified as a critical unauthenticated path traversal flaw. This type of vulnerability typically allows an attacker to access files and directories outside the intended web root by manipulating variables that reference files with specific sequences. In the context of LogScale, this could have potentially allowed unauthorized access to sensitive configuration data or system-level files. CrowdStrike has issued a mandatory update for all self-hosted LogScale customers, specifically targeting versions prior to 1.155.0. Cloud-based instances of LogScale were patched automatically by the company’s site reliability engineering teams prior to the public announcement, ensuring no service downtime for managed users.
Tenable addressed a high-severity vulnerability in Nessus, one of the industry’s most widely deployed vulnerability assessment tools. The flaw affected Nessus versions 10.7.0 through 10.8.1. According to Tenable’s technical bulletin, the vulnerability involved improper validation of input that could lead to local privilege escalation under specific environmental conditions. If successfully exploited, a user with limited access to the host system could potentially gain administrative rights over the Nessus application. Tenable has released Nessus version 10.8.2 to remediate the issue and recommends that all administrators of on-premises deployments apply the update immediately to maintain the integrity of their security scanning infrastructure.
Both organizations emphasized the importance of proactive internal auditing in their disclosure statements. CrowdStrike stated that the LogScale flaw was discovered during a routine security review of the platform’s API endpoints. Tenable similarly attributed its discovery to the company’s internal Vulnerability Research Team. While the technical severity of the LogScale vulnerability is categorized as critical due to its unauthenticated nature, the lack of observed exploitation suggests that the risk to the broader user base remained contained prior to the patch release.
These updates come as enterprise security teams face increasing pressure to maintain the integrity of their monitoring and scanning tools. LogScale is utilized by thousands of organizations for high-speed data ingestion and analysis, while Nessus remains a cornerstone for compliance and vulnerability management. Technical documentation provided by both firms indicates that the patches do not introduce breaking changes to existing workflows or API integrations, and no performance degradation has been reported following the deployment of the updated versions.