Description

CrowdStrike has released security updates to address a critical unauthenticated path traversal vulnerability (CVE-2026-40050) in LogScale. This vulnerability only requires mitigation by customers that host specific versions of LogScale and does not affect Next-Gen SIEM customers. The vulnerability exists in a specific cluster API endpoint that, if exposed, allows a remote attacker to read arbitrary files from the server filesystem without authentication. Next-Gen SIEM customers are not affected and do not need to take any action. CrowdStrike mitigated the vulnerability for LogScale SaaS customers by deploying network-layer blocks to all clusters on April 7, 2026. We have proactively reviewed all log data and there is no evidence of exploitation. LogScale Self-hosted customers should upgrade to a patched version immediately to remediate the vulnerability. CrowdStrike identified this vulnerability during continuous and ongoing product testing.

INFO

Published Date :

2026-04-21T16:48:24.722Z

Last Modified :

2026-04-21T17:25:29.299Z

Source :

CrowdStrike
AFFECTED PRODUCTS

The following products are affected by CVE-2026-40050 vulnerability.

Vendors Products
Crowdstrike
  • Logscale Self-hosted
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2026-40050.

URL Resource
https://www.crowdstrike.com/en-us/security-advisories/cve-2026-40050/ cve-icon cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact