Categories: Cyber Security News

CrowdStrike LogScale Vulnerability Allows Remote Attackers to Read Arbitrary Files from Server

CrowdStrike has issued an urgent security advisory for a critical unauthenticated path-traversal vulnerability (CVE-2026-40050) affecting its LogScale platform, warning that a remote attacker could exploit the flaw to read arbitrary files directly from the server’s filesystem without authentication.

The vulnerability resides in a specific cluster API endpoint within CrowdStrike LogScale. If this endpoint is exposed, a remote attacker can leverage it to traverse the server’s directory structure and access sensitive files without needing credentials.

The flaw carries a CVSS v3.1 score of 9.8 (CRITICAL), reflecting the severe potential impact on confidentiality, integrity, and availability.

Two weakness types underpin this vulnerability:

  • CWE-306 – Missing Authentication for Critical Function
  • CWE-22 – Improper Limitation of a Pathname to a Restricted Directory (Path Traversal)
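The two weaknesses above combine into a file-serving endpoint that neither authenticates the caller nor confines the requested path to the directory it is meant to serve. The advisory does not describe LogScale's internal code, so the following is an added illustration, not CrowdStrike's implementation: a minimal file-read helper in its CWE-22 form beside a hardened form that resolves the requested name against an assumed base directory and rejects anything that escapes it. The base directory and its single file are constructed for the demo.

```python
import os
import tempfile
from pathlib import Path

# Constructed base directory holding one file; stands in for the server's
# intended document root in this demo.
BASE_DIR = Path(tempfile.mkdtemp(prefix="path-demo-"))
(BASE_DIR / "public.txt").write_text("public content\n")


def read_file_unsafe(name: str) -> str:
    """CWE-22 pattern: the caller-supplied name is joined onto the base directory
    with no check that the result still lies inside it. os.path.join also drops
    the base entirely when the name is absolute."""
    with open(os.path.join(BASE_DIR, name)) as fh:
        return fh.read()


def resolve_within(base: Path, name: str) -> Path:
    """Hardened pattern: resolve symlinks and '..' segments on both sides, then
    require the real path to be inside the base directory. Raises ValueError
    for absolute names, parent-directory escapes and symlinks pointing out."""
    base = base.resolve()
    candidate = (base / name).resolve()
    try:
        candidate.relative_to(base)
    except ValueError:
        raise ValueError(f"path escapes base directory: {name!r}") from None
    return candidate


def read_file_safe(name: str) -> str:
    """Read a file only after containment has been established."""
    return resolve_within(BASE_DIR, name).read_text()


def is_contained(name: str) -> bool:
    """Convenience wrapper: True if the name resolves inside BASE_DIR."""
    try:
        resolve_within(BASE_DIR, name)
        return True
    except ValueError:
        return False
```

The containment check is done on resolved paths rather than on the string, so encoded dot segments, an absolute path supplied as the name, or a symlink inside the base that points elsewhere are all caught by the same comparison. The authentication half of the fix (CWE-306) is a separate gate in front of the handler and is not shown here.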

The vulnerability affects LogScale Self-Hosted GA versions 1.224.0 through 1.234.0 (inclusive), as well as LogScale Self-Hosted LTS versions 1.228.0 and 1.228.1. Notably, Next-Gen SIEM customers are not affected and require no action.

For LogScale SaaS customers, CrowdStrike already deployed network-layer blocks across all clusters on April 7, 2026, effectively mitigating the risk at the infrastructure level. The company also conducted a proactive review of all log data and found no evidence of exploitation in the wild.

CrowdStrike has confirmed there is currently no indication of active exploitation. The vulnerability was discovered internally through the company’s continuous product testing program, not reported via an external researcher or observed in a real-world attack.

CrowdStrike is actively monitoring LogScale SaaS environments for any signs of abuse or suspicious activity related to this flaw.

Mitigations

Self-hosted LogScale customers are urged to upgrade immediately to one of the following patched versions:

  • 1.235.1 or later
  • 1.234.1 or later
  • 1.233.1 or later
  • 1.228.2 (LTS) or later
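Deciding whether a given self-hosted instance needs the upgrade is a small version-comparison exercise, but two details of the advisory trip up a naive range check: 1.228.2 and 1.233.1 fall numerically inside 1.224.0 through 1.234.0 yet are fixed builds, and SaaS and Next-Gen SIEM deployments are out of scope regardless of version. The following added example (not CrowdStrike's code or tooling) encodes the affected range and the fixed builds exactly as the advisory states them and applies them to a version string; the assumption it makes is that "or later" means at or above that build within the same minor release line.

```python
import re
from typing import Optional, Tuple

Version = Tuple[int, int, int]

# Affected self-hosted GA range from the advisory, inclusive at both ends.
# The affected LTS builds (1.228.0 and 1.228.1) fall inside this range.
AFFECTED_LOW: Version = (1, 224, 0)
AFFECTED_HIGH: Version = (1, 234, 0)

# First fixed build per minor release line, from the advisory's patched list:
# 1.235.1, 1.234.1, 1.233.1 and 1.228.2 (LTS), each "or later".
FIRST_FIXED = {
    (1, 228): (1, 228, 2),
    (1, 233): (1, 233, 1),
    (1, 234): (1, 234, 1),
    (1, 235): (1, 235, 1),
}

_VERSION_RE = re.compile(r"^v?(\d+)\.(\d+)\.(\d+)$")


def parse_version(text: str) -> Version:
    """Parse 'major.minor.patch' (optional leading 'v') into a comparable tuple."""
    m = _VERSION_RE.match(text.strip())
    if not m:
        raise ValueError(f"unrecognised LogScale version string: {text!r}")
    return (int(m.group(1)), int(m.group(2)), int(m.group(3)))


def is_patched(version: Version) -> bool:
    """True if the build is at or above the first fixed build of its minor line."""
    fixed = FIRST_FIXED.get(version[:2])
    return fixed is not None and version >= fixed


def is_affected(version_text: str, deployment: str = "self-hosted") -> bool:
    """Apply the advisory to one deployment. SaaS and Next-Gen SIEM are not
    affected per the advisory, so only self-hosted versions are evaluated."""
    if deployment.lower().replace("_", "-") != "self-hosted":
        return False
    v = parse_version(version_text)
    if v < AFFECTED_LOW or v > AFFECTED_HIGH:
        return False
    return not is_patched(v)


def upgrade_target(version_text: str) -> Optional[str]:
    """For an affected build, return the first fixed build in the same minor line
    (so LTS stays on LTS); if that line has no fixed build, return the newest
    fixed build in the advisory. None means no upgrade is required by this advisory."""
    if not is_affected(version_text):
        return None
    v = parse_version(version_text)
    fixed = FIRST_FIXED.get(v[:2]) or max(FIRST_FIXED.values())
    return ".".join(str(n) for n in fixed)
```

Keeping the fixed builds keyed by minor line is what lets an LTS deployment on 1.228.1 be pointed at 1.228.2 rather than at a GA release; the same table can be fed from an inventory export to triage a fleet of self-hosted clusters.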

CrowdStrike confirmed that the patched builds introduce no direct or indirect performance impact on LogScale operations. Organizations running self-hosted instances should also follow standard incident response procedures to monitor for any signs of prior unauthorized access or file exfiltration.


The post CrowdStrike LogScale Vulnerability Allows Remote Attackers to Read Arbitrary Files from Server appeared first on Cyber Security News.
