Description
CrowdStrike has released security updates to address a critical unauthenticated path traversal vulnerability (CVE-2026-40050) in LogScale. This vulnerability only requires mitigation by customers that host specific versions of LogScale and does not affect Next-Gen SIEM customers. The vulnerability exists in a specific cluster API endpoint that, if exposed, allows a remote attacker to read arbitrary files from the server filesystem without authentication.

Next-Gen SIEM customers are not affected and do not need to take any action. CrowdStrike mitigated the vulnerability for LogScale SaaS customers by deploying network-layer blocks to all clusters on April 7, 2026. We have proactively reviewed all log data and there is no evidence of exploitation.

LogScale Self-hosted customers should upgrade to a patched version immediately to remediate the vulnerability.

CrowdStrike identified this vulnerability during continuous and ongoing product testing.
Published: 2026-04-21
Score: 9.8 Critical
EPSS: n/a
KEV: No
Impact: Remote File Read via Path Traversal
Action: Immediate Patch
AI Analysis

Impact

CrowdStrike LogScale Self-Hosted is affected by a critical unauthenticated path traversal flaw that allows an attacker to read arbitrary files from the server filesystem. The vulnerability resides in a specific cluster API endpoint and requires no authentication, so any remote host that can reach the endpoint can request file contents. The result is a confidentiality breach, reflected in the CVSS score of 9.8, which indicates a severe risk to systems that expose the vulnerable endpoint.

Affected Systems

The flaw affects the CrowdStrike LogScale Self-Hosted product. Specific affected versions are not disclosed in the advisory, so all customers running the reported self-hosted release should assume they are vulnerable. Next-Gen SIEM customers are explicitly excluded, and SaaS customers have been protected through network-layer blocks applied by the vendor.

Risk and Exploitability

The CVSS score of 9.8 classifies this vulnerability as critical. Although no EPSS score is available and the vulnerability is not listed in CISA's KEV catalog, the absence of exploitation evidence does not diminish the threat. The most likely attack vector is a remote request to the exposed cluster API endpoint that retrieves sensitive files without authentication. If the endpoint is exposed, the exploitation conditions are minimal: no privileged credentials or special network access are required.

Generated by OpenCVE AI on April 22, 2026 at 03:03 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the latest CrowdStrike LogScale Self-Hosted patch that addresses the unauthenticated cluster API endpoint and mitigates the path traversal weakness (CWE-22).
  • Reconfigure the cluster API endpoint to enforce authentication and perform strict file-path validation, thereby countering the missing-authentication (CWE-306) and path traversal (CWE-22) risks.
  • Ensure the endpoint is not publicly exposed; if it must be reachable, restrict its network access and monitor for unauthorized access attempts to guard against the path traversal vulnerability (CWE-22).

Advisories

No advisories yet.

History

Tue, 21 Apr 2026 17:15:00 +0000

Values added (no values removed):
  • Title: CrowdStrike LogScale Unauthenticated Path Traversal
  • Description: identical to the Description section above
  • Weaknesses: CWE-22, CWE-306
  • References: none
  • Metrics: cvssV3_1 {'score': 9.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H'}

MITRE

Status: PUBLISHED

Assigner: CrowdStrike

Published:

Updated: 2026-04-21T17:25:29.299Z

Reserved: 2026-04-08T18:55:21.490Z

Link: CVE-2026-40050

Vulnrichment

No data.

NVD

Status: Received

Published: 2026-04-21T17:16:53.610

Modified: 2026-04-21T17:16:53.610

Link: CVE-2026-40050

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-22T03:15:06Z

Weaknesses