CrowdStrike has released a critical advisory for a severe path-traversal vulnerability in its LogScale platform, tracked as CVE-2026-40050. The flaw allows unauthorized remote access to server files, presenting a significant risk to system security.
Understanding the Vulnerability
The vulnerability is located in a specific cluster API endpoint within the LogScale platform. If that endpoint is exposed, remote attackers can navigate the server's directory structure and access sensitive files without any authentication. The flaw carries a CVSS v3.1 score of 9.8, a critical rating that reflects its impact on confidentiality, integrity, and availability.
Technical Details and Impact
The vulnerability stems from two weaknesses: CWE-306 (Missing Authentication for Critical Function) and CWE-22 (Improper Limitation of a Pathname to a Restricted Directory). Affected versions are LogScale Self-Hosted GA versions 1.224.0 to 1.234.0 and LTS versions 1.228.0 and 1.228.1. Next-Gen SIEM users are not affected.
For LogScale SaaS users, CrowdStrike has implemented network-layer protections across clusters as of April 7, 2026, effectively neutralizing the risk. A thorough investigation into log data confirms no known exploitation has occurred.
Recommended Actions and Monitoring
CrowdStrike discovered this vulnerability through internal testing. The company is actively monitoring for any suspicious activity related to this issue. Self-hosted LogScale users are advised to upgrade to a patched version: 1.235.1, 1.234.1, 1.233.1, or 1.228.2 (LTS) or later. The upgrade has no adverse impact on system performance.
Organizations should adhere to standard incident response protocols to detect signs of unauthorized access or data exfiltration.
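The affected range and the fixed releases overlap (1.233.1 is a fix but falls numerically inside 1.224.0 to 1.234.0), so a plain range comparison misclassifies patched hosts. The following added example, which is not CrowdStrike code, classifies self-hosted version strings against the numbers in this article; the function names, the "not-listed" label and the sample inventory are assumptions made for illustration.

```python
import re

# Version data taken from the advisory text above.
AFFECTED_LOW = (1, 224, 0)    # first affected Self-Hosted GA release
AFFECTED_HIGH = (1, 234, 0)   # last affected Self-Hosted GA release
NEWEST_FIX = (1, 235, 1)      # highest fixed release named in the advisory
# Fixed point releases on older release lines: (major, minor) -> first fixed patch.
FIXED_ON_LINE = {(1, 228): 2, (1, 233): 1, (1, 234): 1}

_VERSION_RE = re.compile(r"^\s*v?(\d+)\.(\d+)\.(\d+)")


def parse_version(text):
    """Parse MAJOR.MINOR.PATCH, tolerating a leading 'v' and a trailing suffix."""
    match = _VERSION_RE.match(text)
    if not match:
        raise ValueError(f"unrecognised version string: {text!r}")
    return tuple(int(part) for part in match.groups())


def classify(text):
    """Return 'affected', 'patched' or 'not-listed' for a self-hosted version."""
    ver = parse_version(text)
    if ver >= NEWEST_FIX:
        return "patched"
    # Assumption: on a line with a fixed point release, that patch level and
    # anything above it carries the fix ("or later" in the advisory).
    fixed_patch = FIXED_ON_LINE.get(ver[:2])
    if fixed_patch is not None and ver[2] >= fixed_patch:
        return "patched"
    if AFFECTED_LOW <= ver <= AFFECTED_HIGH:
        return "affected"
    return "not-listed"  # outside the ranges the advisory names; check upstream


def hosts_to_upgrade(inventory):
    """Return the sorted host names whose version classifies as affected."""
    return sorted(h for h, v in inventory.items() if classify(v) == "affected")


# Constructed inventory for illustration; host names and versions are made up.
SAMPLE_INVENTORY = {
    "logscale-a": "1.233.0",
    "logscale-b": "1.233.1",
    "logscale-c": "v1.228.1",
    "logscale-d": "1.234.1",
    "logscale-e": "1.229.4",
}
```

Versions that return "not-listed", such as 1.235.0, are neither in the affected range nor at a fixed release as stated here, so confirm them against the vendor advisory.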
