CVE-2026-40050
Published 2026-04-21
CVE-2026-40050: CrowdStrike has released security updates to address a critical unauthenticated path traversal vulnerability (CVE-2026-40050) in LogScale. This vulnerability…
Priority: P269 · Severity: critical · CVSS 3.1 base score: 9.8
CVSS vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS: 0.60% (44.0th percentile)
CrowdStrike has released security updates to address a critical unauthenticated path traversal vulnerability (CVE-2026-40050) in LogScale. This vulnerability only requires mitigation by customers that host specific versions of LogScale and does not affect Next-Gen SIEM customers. The vulnerability exists in a specific cluster API endpoint that, if exposed, allows a remote attacker to read arbitrary files from the server filesystem without authentication.
Next-Gen SIEM customers are not affected and do not need to take any action. CrowdStrike mitigated the vulnerability for LogScale SaaS customers by deploying network-layer blocks to all clusters on April 7, 2026. We have proactively reviewed all log data and there is no evidence of exploitation.
LogScale Self-hosted customers should upgrade to a patched version immediately to remediate the vulnerability.
CrowdStrike identified this vulnerability during continuous and ongoing product testing.
Affected (1 range)
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| crowdstrike | logscale_self-hosted | 1.224.0 – 1.235.0 | — |
VulDB
CrowdStrike LogScale Self-Hosted up to 1.235.0 API Endpoint missing authentication
vuldb · 2026-04-21 · CVSS 9.8 · CVE-2026-40050 [CRITICAL]
A vulnerability, which was classified as critical, has been found in CrowdStrike LogScale Self-Hosted up to 1.235.0. This issue affects some unknown processing of the component API Endpoint. Performing a manipulation results in missing authentication.
This vulnerability is reported as CVE-2026-40050. The attack can be carried out remotely. No exploit exists.
It is advisable to upgrade the affected component.
GHSA
GHSA-q4qj-hj7m-7jgx: CrowdStrike has released security updates to address a critical unauthenticated path traversal vulnerability (CVE-2026-40050) in LogScale
ghsa_unreviewed · 2026-04-21 · CVSS 9.8 · CVE-2026-40050 [CRITICAL] · CWE-22
No detection rules found.
No public exploits indexed.
Published: 2026-04-21