Platform
linux
Component
crowdstrike-logscale
Fixed in
1.235.1
CVE-2026-40050 is a critical unauthenticated path traversal vulnerability affecting CrowdStrike LogScale versions 1.224.0 through 1.235.0. An attacker can exploit this flaw to read arbitrary files from the server filesystem without authentication, potentially exposing sensitive data. Next-Gen SIEM customers are not affected. A fix is available from CrowdStrike.
Successful exploitation of CVE-2026-40050 allows an attacker to gain unauthorized access to sensitive data stored on the LogScale server. This could include configuration files, credentials, and potentially even log data. The lack of authentication required for exploitation significantly broadens the attack surface, making it easier for malicious actors to compromise the system. The ability to read arbitrary files means the attacker can potentially escalate privileges or gain further insights into the system's architecture and security posture. This vulnerability shares similarities with other path traversal exploits where attackers leverage predictable file system structures to bypass access controls.
CVE-2026-40050 was publicly disclosed on 2026-04-21. The CVSS score of 9.8 (CRITICAL) indicates a high probability of exploitation. Currently, no public proof-of-concept (POC) code has been released, but the ease of exploitation makes it a likely target for attackers. The vulnerability has been added to the CISA KEV catalog, signifying a heightened risk.
Organizations running CrowdStrike LogScale versions 1.224.0 through 1.235.0, particularly those hosting their own LogScale clusters rather than utilizing the SaaS offering, are at risk. Shared hosting environments where multiple customers share the same LogScale instance are also particularly vulnerable.
• linux / server:
journalctl -u logscale -g "path traversal"
• linux / server:
ps aux | grep -i 'path traversal'
• generic web:
curl -I <logscale_cluster_api_endpoint> | grep -i 'path traversal'
• generic web:
grep -i "path traversal" /var/log/apache2/access.log
EPSS
0.32% (55th percentile)
The primary mitigation for CVE-2026-40050 is to restrict access to the vulnerable cluster API endpoint. This can be achieved by implementing network segmentation and access control lists (ACLs) to prevent unauthorized access. While a direct patch is recommended, if upgrading is not immediately feasible, carefully review and restrict access to the affected API endpoint. Consider implementing a Web Application Firewall (WAF) with rules to block requests containing path traversal attempts. After restricting access to the endpoint, verify the mitigation by attempting to access the endpoint with a non-authenticated request and confirming that access is denied.
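Blocking or reviewing "requests containing path traversal attempts", as suggested above, only works if the request target is percent-decoded before matching. The following is an added example, not code from this page or from CrowdStrike: it scans reverse-proxy access-log lines for `..` path segments, including encoded and double-encoded forms. The combined log format, the `/api/example` path and the sample lines are constructed assumptions, since the page does not name the affected endpoint.

```python
import re
from urllib.parse import unquote

# Constructed sample lines in combined log format (not real traffic).
# "/api/example" is a placeholder; the page does not name the affected endpoint.
SAMPLE_LOG = """\
203.0.113.10 - - [21/Apr/2026:10:00:01 +0000] "GET /api/example/status HTTP/1.1" 200 512 "-" "curl/8.5.0"
203.0.113.11 - - [21/Apr/2026:10:00:02 +0000] "GET /api/example/../../etc/passwd HTTP/1.1" 404 0 "-" "-"
203.0.113.12 - - [21/Apr/2026:10:00:03 +0000] "GET /api/example/%2e%2e%2f%2e%2e%2fetc/passwd HTTP/1.1" 200 1843 "-" "-"
203.0.113.13 - - [21/Apr/2026:10:00:04 +0000] "GET /api/example/%252e%252e%252fconfig HTTP/1.1" 200 977 "-" "-"
203.0.113.14 - - [21/Apr/2026:10:00:05 +0000] "GET /docs/release..notes.html HTTP/1.1" 200 4096 "-" "-"
"""

REQUEST = re.compile(r'^(\S+) .*?"(?:[A-Z]+) (\S+) HTTP/[\d.]+" (\d{3}) ')
# ".." counts only when it is a whole segment delimited by / or \ (or string edge).
DOTDOT_SEGMENT = re.compile(r'(?:^|[\\/])\.\.(?:[\\/]|$)')

def fully_decode(target, max_rounds=5):
    """Percent-decode repeatedly so double-encoded input (%252e) is normalised."""
    for _ in range(max_rounds):
        decoded = unquote(target)
        if decoded == target:
            break
        target = decoded
    return target

def has_traversal(target):
    """True if the decoded request target contains a '..' path segment."""
    return bool(DOTDOT_SEGMENT.search(fully_decode(target)))

def scan(log_text):
    """Return (client_ip, raw_target, status) for each request that traverses."""
    hits = []
    for line in log_text.splitlines():
        m = REQUEST.match(line)
        if m and has_traversal(m.group(2)):
            hits.append((m.group(1), m.group(2), int(m.group(3))))
    return hits

if __name__ == "__main__":
    for ip, target, status in scan(SAMPLE_LOG):
        # A 2xx answer to a traversal request deserves review first.
        flag = "REVIEW" if 200 <= status < 300 else "rejected"
        print(f"{ip} {status} {flag} {target}")
```

Hits answered with a 2xx status are the ones to triage first, because they suggest the request was served rather than rejected.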
Update CrowdStrike LogScale Self-Hosted to a patched version immediately to remediate the vulnerability. Further details and the available patched versions can be found in the CrowdStrike advisory: https://www.crowdstrike.com/en-us/security-advisories/cve-2026-40050/
CVE-2026-40050 is a critical vulnerability in CrowdStrike LogScale versions 1.224.0–1.235.0 that allows unauthenticated attackers to read arbitrary files from the server filesystem.
If you are running CrowdStrike LogScale version 1.224.0 through 1.235.0 and hosting your own cluster, you are potentially affected. Next-Gen SIEM customers are not affected.
Upgrade to a patched version of CrowdStrike LogScale as soon as possible. Consult the CrowdStrike advisory for specific version details. Network segmentation is a temporary workaround.
There are currently no reports of active exploitation, but the vulnerability's simplicity suggests that exploitation is possible.
Refer to the official CrowdStrike security advisory for detailed information and mitigation steps.