CrowdStrike has released an urgent security update to address a critical flaw in its LogScale platform that could allow attackers to bypass security boundaries and siphon sensitive data directly from the server.
The vulnerability, tracked as CVE-2026-40050, has been assigned a CVSS score of 9.8, marking it as a “Critical” threat to organizations hosting their own LogScale instances.
The security advisory describes a classic but devastating Path Traversal (CWE-22) weakness combined with Missing Authentication (CWE-306).
Specifically, the vulnerability exists within a cluster API endpoint. If this endpoint is exposed, it “allows a remote attacker to read arbitrary files from the server filesystem without authentication”. This means a threat actor could potentially access sensitive configuration files, system logs, or even credentials stored on the host server without ever needing to log in.
Crucially, the company stated that “CrowdStrike has no indication of any exploitation of this in the wild”. Furthermore, for those utilizing the SaaS version of the platform, the company took swift action: “CrowdStrike mitigated the vulnerability for LogScale SaaS customers by deploying network-layer blocks to all clusters on April 7, 2026”.
The vulnerability does not impact Next-Gen SIEM customers, but it is a major concern for those managing their own infrastructure.
Impacted Versions:
- LogScale Self-Hosted: GA versions 1.224.0 through 1.234.0 (inclusive).
- LogScale Self-Hosted LTS: Versions 1.228.0 and 1.228.1.
CrowdStrike urges self-hosted customers to move to a patched release without delay. As the advisory emphasizes, “LogScale Self-hosted customers should upgrade to a patched version immediately to remediate the vulnerability”.
| Deployment Type | Recommended Minimum Version |
| --- | --- |
| LogScale Self-Hosted | 1.235.1, 1.234.1, or 1.233.1 |
| LogScale Self-Hosted LTS | 1.228.2 or later |
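As an added example (not CrowdStrike's tooling and not code from the advisory), the following Python script checks an inventory of self-hosted LogScale versions against the affected and patched versions listed above. The inventory is constructed, and the assumption that releases newer than the named patched versions also carry the fix is mine, not the advisory's.

```python
"""Triage self-hosted LogScale versions against the CVE-2026-40050 advisory ranges."""
from __future__ import annotations

Version = tuple[int, int, int]

# Affected ranges as stated in the advisory (inclusive).
GA_AFFECTED_LOW, GA_AFFECTED_HIGH = (1, 224, 0), (1, 234, 0)
LTS_AFFECTED = {(1, 228, 0), (1, 228, 1)}
# Patched releases named in the advisory.
GA_PATCHED = {(1, 233, 1), (1, 234, 1), (1, 235, 1)}
LTS_PATCHED_MIN = (1, 228, 2)


def parse_version(s: str) -> Version:
    """Parse an 'x.y.z' LogScale version string into a comparable tuple."""
    parts = s.strip().split(".")
    if len(parts) != 3 or not all(p.isdigit() for p in parts):
        raise ValueError(f"not a LogScale x.y.z version: {s!r}")
    return (int(parts[0]), int(parts[1]), int(parts[2]))


def assess(version: str, channel: str) -> str:
    """Return 'affected', 'patched' or 'unlisted' for a version on channel 'ga' or 'lts'.

    'unlisted' means the advisory names the version neither as affected nor as
    patched (for example a release older than 1.224.0); verify those separately.
    """
    v = parse_version(version)
    if channel == "lts":
        if v in LTS_AFFECTED:
            return "affected"
        # Assumption: "1.228.2 or later" means every later LTS release carries the fix.
        return "patched" if v >= LTS_PATCHED_MIN else "unlisted"
    if channel != "ga":
        raise ValueError("channel must be 'ga' or 'lts'")
    if v in GA_PATCHED:
        return "patched"  # patched point releases sit inside the affected range
    if GA_AFFECTED_LOW <= v <= GA_AFFECTED_HIGH:
        return "affected"
    # Assumption: GA releases after 1.235.1 include the fix.
    return "patched" if v > max(GA_PATCHED) else "unlisted"


def triage(inventory: list[tuple[str, str, str]]) -> dict[str, str]:
    """Map cluster name -> status for a list of (cluster, version, channel) entries."""
    return {name: assess(ver, ch) for name, ver, ch in inventory}


if __name__ == "__main__":
    # Constructed sample inventory, not real cluster data.
    SAMPLE = [("logs-prod", "1.230.0", "ga"), ("logs-lts", "1.228.1", "lts"), ("logs-dev", "1.235.1", "ga")]
    for name, status in triage(SAMPLE).items():
        print(f"{name}: {status}")
```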