Platform
linux
Component
crowdstrike-logscale
Fixed in
1.235.1
CVE-2026-40050 is a critical unauthenticated path traversal vulnerability affecting CrowdStrike LogScale versions 1.224.0 through 1.235.0. An attacker can exploit this flaw to read arbitrary files from the server filesystem without authentication, potentially exposing sensitive data. Next-Gen SIEM customers are not affected. A fix is available from CrowdStrike.
This vulnerability poses a significant risk as it allows an unauthenticated attacker to gain access to sensitive data stored on the LogScale server. Successful exploitation could lead to the exposure of configuration files, credentials, logs, or other critical information. The ability to read arbitrary files grants a wide range of potential attacks, including data exfiltration, privilege escalation, and further compromise of the system. The lack of authentication requirements dramatically lowers the barrier to entry for attackers, increasing the likelihood of exploitation. This vulnerability shares characteristics with other path traversal exploits, allowing attackers to bypass access controls and navigate the file system.
CVE-2026-40050 was publicly disclosed on April 21, 2026. The vulnerability is considered critical due to the ease of exploitation and potential impact. No public proof-of-concept (PoC) code has been released at the time of writing, but the simplicity of the path traversal technique suggests that PoCs are likely to emerge. It is not currently listed on CISA KEV, and there are no reports of active exploitation campaigns. Refer to the CrowdStrike advisory for further details.
Exploit Status
EPSS
0.32% (55% percentile)
CISA SSVC
CVSS Vector
The primary mitigation is to upgrade to a patched version of CrowdStrike LogScale. CrowdStrike has released updates to address this vulnerability; consult their advisory for specific version details. If immediate patching is not feasible, implement strict network segmentation to isolate the LogScale cluster and restrict access to the vulnerable API endpoint. Consider using a Web Application Firewall (WAF) to filter requests and block attempts to exploit the path traversal vulnerability. Regularly review access logs for suspicious activity and implement intrusion detection systems to identify and respond to potential attacks.
Update CrowdStrike LogScale Self-Hosted to a patched version immediately to mitigate the vulnerability. See the CrowdStrike advisory for more details and the patched versions available: https://www.crowdstrike.com/en-us/security-advisories/cve-2026-40050/
Vulnerability analysis and critical alerts directly to your inbox.
CVE-2026-40050 is a critical vulnerability in CrowdStrike LogScale versions 1.224.0–1.235.0 that allows unauthenticated attackers to read arbitrary files from the server filesystem.
If you are running CrowdStrike LogScale version 1.224.0 through 1.235.0 and hosting your own cluster, you are potentially affected. Next-Gen SIEM customers are not affected.
Upgrade to a patched version of CrowdStrike LogScale as soon as possible. Consult the CrowdStrike advisory for specific version details. Network segmentation is a temporary workaround.
There are currently no reports of active exploitation, but the vulnerability's simplicity suggests that exploitation is possible.
Refer to the official CrowdStrike security advisory for detailed information and mitigation steps. (Link to advisory would be here if available)
Upload your dependency file and we'll tell you instantly if this and other CVEs hit you.