{“lastseen”:””,”description”:”CrowdStrike has released security updates to address a critical unauthenticated path traversal vulnerability (CVE-2026-40050) in LogScale. This vulnerability only requires mitigation by customers that host specific versions of LogScale and does not affect Next-Gen SIEM customers. The vulnerability exists in a specific cluster API endpoint that, if exposed, allows a remote attacker to read arbitrary files from the server filesystem without authentication.\\n\\nNext-Gen SIEM customers are not affected and do not need to take any action. CrowdStrike mitigated the vulnerability for LogScale SaaS customers by deploying network-layer blocks to all clusters on April 7, 2026. We have proactively reviewed all log data and there is no evidence of exploitation.\\n\\nLogScale Self-hosted customers should upgrade to a patched version immediately to remediate the vulnerability.\\n\\nCrowdStrike identified this vulnerability during continuous and ongoing product testing.”,”published”:”2026-04-21T16:48:24.722Z”,”modified”:”2026-04-21T17:25:29.299Z”,”type”:”cve”,”title”:”CrowdStrike LogScale Unauthenticated Path Traversal”,”source”:”CrowdStrike”,”references”:”https:\/\/www.crowdstrike.com\/en-us\/security-advisories\/cve-2026-40050\/”,”id”:”CVE-2026-40050″,”bulletinFamily”:””,”cwe”:[“CWE-306″,”CWE-22″],”cvelist”:null,”sourceData”:”CrowdStrike LogScale Self-Hosted 1.224.0″,”sourceHref”:””,”cvss”:{“score”:9.8,”severity”:”CRITICAL”,”vector”:”CVSS:3.1\/AV:N\/AC:L\/PR:N\/UI:N\/S:U\/C:H\/I:H\/A:H”,”version”:”3.1″},”cvss2″:{},”cvss3″:{“version”:””,”vectorString”:””,”baseScore”:0,”baseSeverity”:””,”attackVector”:””,”attackComplexity”:””,”privilegesRequired”:””,”userInteraction”:””,”scope”:””,”confidentialityImpact”:””,”integrityImpact”:””,”availabilityImpact”:””,”cvssV3″:{“version”:””,”vectorString”:””,”baseScore”:0,”baseSeverity”:””,”attackVector”:””,”attackComplexity”:””,”privilegesRequired”:””,”userInteraction”:””,”scope”:””,”confidentialityImpact”:””,”integrityImpact”:””,”availabilityImpact”:””}},”href”:””,”category_name”:”CVE”,”post_link”:””,”product”:”LogScale Self-Hosted”,”version”:”1.224.0″,”vendor”:”CrowdStrike”,”ai_description”:”Unauthenticated path traversal vulnerability allowing remote attackers to read arbitrary files from the server filesystem”,”ai_severity”:”Critical”,”ai_vendor”:”CrowdStrike”,”ai_product”:”LogScale”,”ai_version”:”1.224.0″,”ai_score”:9.8}<\/p>\n","protected":false},"excerpt":{"rendered":"
{“lastseen”:””,”description”:”CrowdStrike has released security updates to address a critical unauthenticated path traversal vulnerability (CVE-2026-40050) in LogScale. This vulnerability only requires mitigation by customers that host…<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[2],"tags":[9,6,8,35,12,13,7,11,5],"class_list":["post-48320","post","type-post","status-publish","format-standard","hentry","category-category_cve","tag-critical","tag-cve","tag-cvss","tag-cvss-98","tag-exploit","tag-news","tag-security","tag-tapic","tag-vulnerability"],"yoast_head":"\n