{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-40050", "assignerOrgId": "13ddcd98-6f4a-40a8-8e24-29ca0aee4661", "state": "PUBLISHED", "assignerShortName": "CrowdStrike", "dateReserved": "2026-04-08T18:55:21.490Z", "datePublished": "2026-04-21T16:48:24.722Z", "dateUpdated": "2026-04-21T17:25:29.299Z"}, "containers": {"cna": {"title": "CrowdStrike LogScale Unauthenticated Path Traversal", "problemTypes": [{"descriptions": [{"lang": "en", "cweId": "CWE-306", "description": "CWE-306 Missing authentication for critical function", "type": "CWE"}, {"lang": "en", "cweId": "CWE-22", "description": "Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')", "type": "CWE"}]}], "affected": [{"vendor": "CrowdStrike", "product": "LogScale Self-Hosted", "versions": [{"status": "affected", "version": "1.224.0", "lessThanOrEqual": "1.235.0", "changes": [{"at": "1.233.1, 1.234.1, 1.235.1, 1.228.2", "status": "unaffected"}], "versionType": "semver"}], "defaultStatus": "unaffected"}], "descriptions": [{"lang": "en", "value": "CrowdStrike has released security updates to address a critical unauthenticated path traversal vulnerability (CVE-2026-40050) in LogScale. This vulnerability only requires mitigation by customers that host specific versions of LogScale and does not affect Next-Gen SIEM customers. The vulnerability exists in a specific cluster API endpoint that, if exposed, allows a remote attacker to read arbitrary files from the server filesystem without authentication.\n\nNext-Gen SIEM customers are not affected and do not need to take any action. CrowdStrike mitigated the vulnerability for LogScale SaaS customers by deploying network-layer blocks to all clusters on April 7, 2026. We have proactively reviewed all log data and there is no evidence of exploitation.\n\nLogScale Self-hosted customers should upgrade to a patched version immediately to remediate the vulnerability.\n\nCrowdStrike identified this vulnerability during continuous and ongoing product testing.", "supportingMedia": [{"type": "text/html", "base64": false, "value": "CrowdStrike has released security updates to address a critical unauthenticated path traversal vulnerability (CVE-2026-40050) in LogScale. This vulnerability only requires mitigation by customers that host specific versions of LogScale and does not affect Next-Gen SIEM customers. The vulnerability exists in a specific cluster API endpoint that, if exposed, allows a remote attacker to read arbitrary files from the server filesystem without authentication.<br><br>Next-Gen SIEM customers are not affected and do not need to take any action. CrowdStrike mitigated the vulnerability for LogScale SaaS customers by deploying network-layer blocks to all clusters on April 7, 2026. We have proactively reviewed all log data and there is no evidence of exploitation.<br><br>LogScale Self-hosted customers should upgrade to a patched version immediately to remediate the vulnerability.<br><br>CrowdStrike identified this vulnerability during continuous and ongoing product testing.<br>"}]}], "references": [{"url": "https://www.crowdstrike.com/en-us/security-advisories/cve-2026-40050/"}], "metrics": [{"format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}], "cvssV3_1": {"version": "3.1", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH", "baseSeverity": "CRITICAL", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}}], "source": {"discovery": "UNKNOWN"}, "x_generator": {"engine": "Vulnogram 1.0.1"}, "providerMetadata": {"orgId": "13ddcd98-6f4a-40a8-8e24-29ca0aee4661", "shortName": "CrowdStrike", "dateUpdated": "2026-04-21T16:52:13.235Z"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-04-21T17:24:56.089262Z", "id": "CVE-2026-40050", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-21T17:25:29.299Z"}}]}}

{}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "CrowdStrike has released security updates to address a critical unauthenticated path traversal vulnerability (CVE-2026-40050) in LogScale. This vulnerability only requires mitigation by customers that host specific versions of LogScale and does not affect Next-Gen SIEM customers. The vulnerability exists in a specific cluster API endpoint that, if exposed, allows a remote attacker to read arbitrary files from the server filesystem without authentication.\n\nNext-Gen SIEM customers are not affected and do not need to take any action. CrowdStrike mitigated the vulnerability for LogScale SaaS customers by deploying network-layer blocks to all clusters on April 7, 2026. We have proactively reviewed all log data and there is no evidence of exploitation.\n\nLogScale Self-hosted customers should upgrade to a patched version immediately to remediate the vulnerability.\n\nCrowdStrike identified this vulnerability during continuous and ongoing product testing."}], "id": "CVE-2026-40050", "lastModified": "2026-04-22T21:24:26.997", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "13ddcd98-6f4a-40a8-8e24-29ca0aee4661", "type": "Secondary"}]}, "published": "2026-04-21T17:16:53.610", "references": [{"source": "13ddcd98-6f4a-40a8-8e24-29ca0aee4661", "url": "https://www.crowdstrike.com/en-us/security-advisories/cve-2026-40050/"}], "sourceIdentifier": "13ddcd98-6f4a-40a8-8e24-29ca0aee4661", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-22"}, {"lang": "en", "value": "CWE-306"}], "source": "13ddcd98-6f4a-40a8-8e24-29ca0aee4661", "type": "Secondary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "[1.224.0,1.235.0]"}}], "enrichment": {"confidence": 100.0, "confidence_source": "cna", "scores": [{"score": 100.0, "source": "cna"}]}, "original": {"product": "LogScale Self-Hosted", "source": "cna", "vendor": "CrowdStrike"}, "product": "logscale_self-hosted", "vendor": "crowdstrike"}], "analysis": {"en": {"generated_at": "2026-04-22T03:03:05.054278+00:00", "value": {"mitigation_remediation": ["Apply the latest CrowdStrike LogScale Self\u2011Hosted patch that addresses the unauthenticated cluster API endpoint and mitigates the path traversal weakness (CWE\u201122).", "Reconfigure the cluster API endpoint to enforce authentication and perform strict file\u2011path validation, thereby countering the authentication absence (CWE\u2011306) and path traversal (CWE\u201122) risks.", "Ensure the endpoint is not publicly exposed; if it must be reachable, restrict its network access and monitor for unauthorized access attempts to guard against the path traversal vulnerability (CWE\u201122)."], "summary": {"action": "Immediate Patch", "impact": "Remote File Read via Path Traversal"}, "threat_synthesis": {"affected_systems": "The flaw impacts the CrowdStrike LogScale Self\u2011Hosted product; specific affected versions are not disclosed in the advisory, so all customers running the reported self\u2011hosted release should assume they are vulnerable. Next\u2011Gen SIEM customers are explicitly excluded, and SaaS customers have been protected through network\u2011layer blocks applied by the vendor.", "description_and_impact": "CrowdStrike LogScale Self\u2011Hosted is affected by a critical unauthenticated path traversal flaw that allows an attacker to read arbitrary files from the server filesystem. The vulnerability is triggered by a specific cluster API endpoint; no authentication is required, meaning any remote host that can reach the endpoint can request file contents. This capability results in a confidentiality breach and is reflected in the high CVSS score of 9.8, indicating a severe risk to systems that expose the vulnerable endpoint.", "risk_and_exploitability": "The CVSS score of 9.8 classifies this vulnerability as critical, and although an EPSS score is not available and the vulnerability is not listed in CISA\u2019s KEV catalog, the absence of exploitation evidence does not diminish the threat. Attackers can reach the exposed cluster API endpoint remotely and retrieve sensitive files without authentication, which is the most likely attack vector. If the endpoint is exposed, the exploitation conditions are minimal: no privileged credentials or special network access are required."}}}}, "created": "2026-04-22T03:15:06.406521+00:00", "updated": "2026-04-22T11:46:08.782563+00:00", "vendors": ["crowdstrike", "crowdstrike$PRODUCT$logscale_self-hosted"]}