CrowdStrike LogScale Critical Path Traversal Flaw Exposes Files to Unauthenticated Attackers

April 27, 2026 / 3 min read

CrowdStrike has disclosed a critical vulnerability, tracked as CVE-2026-40050, affecting its LogScale self-hosted product. The flaw enables unauthenticated path traversal, which could allow a remote attacker to read arbitrary files from the server filesystem. The vulnerability carries a CVSS v3.1 score of 9.8 (CRITICAL), reflecting the severe potential impact on confidentiality, integrity, and availability.

The vulnerability exists in a specific cluster API endpoint that, if exposed, allows a remote attacker to read arbitrary files from the server filesystem without authentication. The vulnerability affects LogScale Self-Hosted GA versions 1.224.0 through 1.234.0 (inclusive), as well as LogScale Self-Hosted LTS versions 1.228.0 and 1.228.1.

SaaS Customers Already Protected, Self-Hosted Deployments at Risk

CrowdStrike confirmed that Next-Gen SIEM customers are not affected. LogScale SaaS customers were protected on April 7, 2026, when CrowdStrike deployed network-layer blocks across all clusters, mitigating the risk at the infrastructure level before the public disclosure.

Self-hosted LogScale customers must urgently upgrade to a patched version. The fixed releases include 1.235.1 or later, 1.234.1 or later, 1.233.1 or later, and 1.228.2 LTS or later.
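The affected and fixed version lists above are awkward to apply by hand across a fleet, because the fixed LTS release 1.228.2 sits inside the affected GA range and 1.233.1 and 1.234.1 are fixed releases on minor lines that are otherwise affected. The following script is an added example (not CrowdStrike's or eBuilder's code) that encodes the ranges exactly as the article states them and classifies each host in a constructed inventory; the host names and versions in `SAMPLE_INVENTORY` are made up, and the rule "any minor line after 1.235 is fixed" is an assumption drawn from the phrase "1.235.1 or later".

```python
import re

# Ranges as stated in the article: GA 1.224.0 through 1.234.0 inclusive,
# plus the two affected LTS builds.
AFFECTED_GA_RANGE = ((1, 224, 0), (1, 234, 0))
AFFECTED_LTS = {(1, 228, 0), (1, 228, 1)}

# Minor line -> first patch level that contains the fix
# (1.228.2 LTS, 1.233.1, 1.234.1, 1.235.1 per the article).
FIXED_LINES = {228: 2, 233: 1, 234: 1, 235: 1}


def parse_version(text):
    """Parse 'major.minor.patch' into a comparable tuple of ints."""
    m = re.fullmatch(r"(\d+)\.(\d+)\.(\d+)", text.strip())
    if not m:
        raise ValueError(f"unrecognised LogScale version string: {text!r}")
    return tuple(int(part) for part in m.groups())


def classify(version):
    """Return 'fixed', 'affected' or 'unlisted' for one LogScale version.

    'unlisted' means the version falls outside both the affected range and
    the fixed releases named in the advisory (e.g. 1.223.x), so it should be
    confirmed against the vendor advisory rather than assumed safe.
    """
    major, minor, patch = parse_version(version)
    if major != 1:
        return "unlisted"
    # Explicit fixed releases on their own minor lines take precedence,
    # because some of them sit inside the affected GA range.
    if minor in FIXED_LINES and patch >= FIXED_LINES[minor]:
        return "fixed"
    # Assumption: every minor line newer than 1.235 carries the fix.
    if minor > max(FIXED_LINES):
        return "fixed"
    v = (major, minor, patch)
    if AFFECTED_GA_RANGE[0] <= v <= AFFECTED_GA_RANGE[1] or v in AFFECTED_LTS:
        return "affected"
    return "unlisted"


def triage(inventory):
    """Map each host in {host: version} to its classification."""
    return {host: classify(version) for host, version in inventory.items()}


# Constructed sample inventory (hypothetical hosts and versions).
SAMPLE_INVENTORY = {
    "logscale-prod-01": "1.230.4",
    "logscale-prod-02": "1.228.1",
    "logscale-lts-01": "1.228.2",
    "logscale-dev-01": "1.234.1",
    "logscale-old-01": "1.223.9",
    "logscale-new-01": "1.236.0",
}

if __name__ == "__main__":
    for host, status in sorted(triage(SAMPLE_INVENTORY).items()):
        print(f"{host:18} {SAMPLE_INVENTORY[host]:10} {status}")
```

Hosts reported as "affected" need the upgrade; "unlisted" hosts are outside the advisory's stated ranges and should be checked against the vendor advisory directly rather than treated as safe.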

Internal Discovery, No Evidence of Exploitation

The vulnerability was discovered internally through CrowdStrike’s continuous product testing program; it was not reported by an external researcher or observed in a real-world attack.

The company is not aware of attacks exploiting this vulnerability. The company also conducted a proactive review of all log data and found no evidence of exploitation in the wild.

Why This Matters for Security Operations

Defensive platforms themselves are high-value targets. Security tools like LogScale sit at a privileged position inside an organisation’s infrastructure. The path traversal vulnerability could allow attackers to access configuration files, credentials, or internal data that security teams routinely analyse.

CrowdStrike LogScale is a log management and observability platform designed to help organisations collect, search, and analyse large volumes of machine data in real time. When a security tool itself becomes compromised, the ripple effects extend far beyond the initial breach.

The technical details are straightforward but damaging. Security analysts at CrowdStrike explain that the issue stems from two key weaknesses: missing authentication for a critical function and improper restriction of file paths within the system. This combination creates an exploitable attack surface that requires no credentials to reach.

Upgrade Immediately

Organisations running self-hosted LogScale deployments should patch now. According to the advisory, the patched versions do not introduce any performance degradation or functional limitations. This removes the typical excuse for delaying critical security updates.

Beyond patching, security teams should review access logs for any unusual API calls to LogScale endpoints, particularly those occurring before the April 21 disclosure date. Successful exploitation of this vulnerability would allow an adversary to read arbitrary files on the vulnerable host.
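As an added example of the log review suggested above (this is not CrowdStrike's or eBuilder's code, and the article does not name the affected endpoint), the script below scans access-log lines in a common combined-log layout for request paths containing directory-traversal segments, decoding percent-encoding repeatedly so that double-encoded forms are not missed. Each hit is tagged with whether the request carried no authenticated user and whether it predates the April 21, 2026 disclosure. The log lines in `SAMPLE_LOG`, including the `/api/v1/cluster/files/` path prefix, are constructed for the example and do not represent real LogScale routes.

```python
import re
from datetime import datetime, timezone
from urllib.parse import unquote

# Disclosure date named in the article; requests before it deserve priority.
DISCLOSURE_DATE = datetime(2026, 4, 21, tzinfo=timezone.utc)

# Combined-log style line: ip ident user [timestamp] "METHOD path proto" status size
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ (?P<user>\S+) \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3})'
)


def decode_path(path, rounds=3):
    """Percent-decode until the string stops changing (bounded), so that
    double-encoded sequences such as %252e%252e are normalised to '..'."""
    for _ in range(rounds):
        decoded = unquote(path)
        if decoded == path:
            break
        path = decoded
    return path


def has_traversal(path):
    """True if any path segment (after decoding, with backslashes treated as
    separators) is the parent-directory token '..'."""
    normalised = decode_path(path).replace("\\", "/")
    return any(segment == ".." for segment in normalised.split("/"))


def scan(lines):
    """Return one finding dict per log line whose request path contains a
    traversal sequence. Lines that do not match LOG_RE are skipped."""
    findings = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m or not has_traversal(m["path"]):
            continue
        ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
        findings.append({
            "source_ip": m["ip"],
            "timestamp": ts.isoformat(),
            "path": m["path"],
            "status": int(m["status"]),
            # '-' in the user field means the request carried no authenticated identity
            "unauthenticated": m["user"] == "-",
            "pre_disclosure": ts < DISCLOSURE_DATE,
        })
    return findings


# Constructed sample log (hypothetical IPs, users, paths and timestamps).
SAMPLE_LOG = [
    '10.0.0.5 - alice [15/Apr/2026:03:12:44 +0000] "GET /api/v1/repositories/main/query HTTP/1.1" 200 5120',
    '203.0.113.9 - - [15/Apr/2026:03:13:01 +0000] "GET /api/v1/cluster/files/../../../../app/config.yaml HTTP/1.1" 200 2311',
    '203.0.113.9 - - [16/Apr/2026:09:41:17 +0000] "GET /api/v1/cluster/files/%2e%2e/%2e%2e/server.conf HTTP/1.1" 200 910',
    '198.51.100.4 - bob [25/Apr/2026:11:02:09 +0000] "GET /api/v1/cluster/files/%252e%252e/%252e%252e/keys HTTP/1.1" 403 0',
    '10.0.0.7 - carol [26/Apr/2026:12:00:00 +0000] "POST /api/v1/ingest HTTP/1.1" 200 12',
]

if __name__ == "__main__":
    for f in scan(SAMPLE_LOG):
        flags = []
        if f["unauthenticated"]:
            flags.append("UNAUTH")
        if f["pre_disclosure"]:
            flags.append("PRE-DISCLOSURE")
        print(f'{f["timestamp"]} {f["source_ip"]} {f["status"]} {f["path"]} {" ".join(flags)}')
```

Findings that are both unauthenticated and successful (HTTP 200) on a self-hosted cluster in the affected version range are the ones to escalate; a 403 on the same pattern suggests the request was blocked, but the source should still be reviewed for further activity.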

If immediate patching is not feasible, restrict network access to LogScale cluster API endpoints and ensure these interfaces are not exposed to public-facing networks. However, this is a temporary measure. The CVSS 9.8 score reflects genuine risk that demands permanent resolution through patching.
