CrowdStrike carries two distinct risk items this week: a critical unauthenticated path traversal in LogScale self-hosted deployments (CVE-2026-40050, CVSS 9.1) that could expose host-level files including credentials and config data, and a governance-layer exposure introduced by the OpenAI TAC program integrating GPT-5.4-Cyber into Falcon. The LogScale flaw requires immediate network-layer containment pending patch confirmation; the AI integration item requires access governance review and triage pipeline validation rather than emergency patching.