CrowdStrike disclosed a critical unauthenticated path-traversal vulnerability in its LogScale platform on 21 April 2026. CVE-2026-40050 carries a CVSS v3.1 score of 9.8 and allows a remote attacker to read arbitrary files from the server filesystem without authentication.
The flaw sits in a specific cluster API endpoint within CrowdStrike LogScale; if that endpoint is reachable by an attacker, no credentials are needed to read files. CrowdStrike found the bug during its own continuous product testing, so no external researcher disclosure was involved.
Affected Versions and SaaS Protection
The vulnerability affects LogScale Self-Hosted GA versions 1.224.0 through 1.234.0 (inclusive), as well as LogScale Self-Hosted LTS versions 1.228.0 and 1.228.1. The vulnerability does not affect Next-Gen SIEM customers.
For LogScale SaaS customers, CrowdStrike deployed network-layer blocks across all clusters on 7 April 2026, two weeks before the public disclosure. The company also conducted a proactive review of all log data and found no evidence of exploitation in the wild.
Technical Mechanism
The vulnerability combines two distinct weaknesses, which the CVE entry records as CWE-306 (Missing Authentication for Critical Function) and CWE-22 (Improper Limitation of a Pathname to a Restricted Directory). The affected API endpoint does not verify that the caller is authenticated before processing the request, and it does not confine the file path it is asked to open to the intended directory.
An attacker therefore only needs to send a request with a manipulated file-path parameter (for example, one containing "../" segments, possibly URL-encoded) to the vulnerable endpoint to read files outside the intended scope. Either weakness alone would be serious; together they yield arbitrary file read with no credentials. On a log-management server the reachable files can include the platform's own configuration, secrets it uses to talk to other systems, and the ingested logs themselves, which is why a compromised piece of security infrastructure is such a high-value target.
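The following is an added illustration of the CWE-306 + CWE-22 pairing described above; it is not LogScale code and says nothing about the real endpoint. It shows a toy file-serving handler written with both weaknesses, beside a hardened version that checks a caller token first and then canonicalises the requested path and refuses anything that resolves outside the intended directory. The directory layout, the `secret.txt` contents, the token value and the handler names are all constructed for the example.

```python
"""Illustrative file-read handler (not LogScale's code): one version that is
missing both an authentication check and a path restriction, and a hardened
version that enforces both."""
import os
import shutil
import tempfile
from typing import Optional, Set
from urllib.parse import unquote


def read_file_vulnerable(base_dir: str, requested_path: str) -> bytes:
    """Broken on purpose: no caller identity is checked (CWE-306), and the
    requested path is joined onto base_dir without confining the result
    (CWE-22), so '../' segments walk out of the intended directory."""
    target = os.path.join(base_dir, unquote(requested_path))
    with open(target, "rb") as f:
        return f.read()


def read_file_hardened(base_dir: str, requested_path: str,
                       token: Optional[str], valid_tokens: Set[str]) -> bytes:
    """Require a valid token before touching the filesystem, then resolve the
    path and refuse anything that does not stay inside base_dir."""
    if token is None or token not in valid_tokens:
        raise PermissionError("authentication required")
    root = os.path.realpath(base_dir)
    # Decode once, join, then canonicalise: realpath collapses '..' segments
    # and follows symlinks, so the containment check sees the real target.
    target = os.path.realpath(os.path.join(root, unquote(requested_path)))
    # An absolute requested path makes os.path.join discard root entirely;
    # commonpath catches that case as well as '../' escapes.
    if os.path.commonpath([root, target]) != root:
        raise PermissionError(f"path escapes {root}")
    with open(target, "rb") as f:
        return f.read()


def demo() -> dict:
    """Build a throwaway layout (constructed for this example) and exercise
    both handlers against the same traversal payload."""
    tmp = tempfile.mkdtemp()
    try:
        public = os.path.join(tmp, "public")
        os.makedirs(public)
        with open(os.path.join(public, "readme.txt"), "wb") as f:
            f.write(b"public content")
        with open(os.path.join(tmp, "secret.txt"), "wb") as f:
            f.write(b"db_password=hunter2")  # constructed placeholder secret

        traversal = "..%2Fsecret.txt"  # URL-encoded '../secret.txt'
        tokens = {"s3cr3t"}            # constructed token store
        results = {}

        # Vulnerable handler: no token needed, traversal leaves the directory.
        results["vuln_leak"] = read_file_vulnerable(public, traversal)

        # Hardened handler: missing token is rejected before any path handling.
        try:
            read_file_hardened(public, "readme.txt", None, tokens)
            results["hard_noauth"] = "allowed"
        except PermissionError:
            results["hard_noauth"] = "denied"

        # Hardened handler: valid token, but the traversal is still refused.
        try:
            read_file_hardened(public, traversal, "s3cr3t", tokens)
            results["hard_traversal"] = "allowed"
        except PermissionError:
            results["hard_traversal"] = "denied"

        # Hardened handler: valid token and an in-scope path succeeds.
        results["hard_ok"] = read_file_hardened(public, "readme.txt",
                                                "s3cr3t", tokens)
        return results
    finally:
        shutil.rmtree(tmp, ignore_errors=True)


if __name__ == "__main__":
    for k, v in demo().items():
        print(f"{k}: {v!r}")
```

The order of the checks in the hardened version matters: authentication is decided before the request parameter is even decoded, so an unauthenticated caller learns nothing about the filesystem, and the containment check is done on the canonicalised path rather than on the raw string, which is what defeats encoded and symlinked variants of the same escape.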
Patch Information
CrowdStrike has issued patched versions: 1.235.1 or later, 1.234.1 or later, 1.233.1 or later, and 1.228.2 LTS or later. According to the advisory, the patched versions do not introduce any performance degradation or functional limitations, and the company stated that internal testing identified the vulnerability before any known real-world exploitation attempts.
Self-hosted LogScale customers should upgrade to a patched version immediately. The combination of unauthenticated access and path traversal makes this vulnerability trivially exploitable once an attacker can reach the cluster API endpoint: no credential, race condition or memory-corruption primitive is required, only a crafted request.
If immediate patching is not feasible, ensure the cluster API endpoint is not exposed to the internet. If it must be reachable, restrict access to known source networks at the firewall or reverse proxy, and monitor access logs for requests to that endpoint containing traversal sequences such as "../", including their URL-encoded and double-encoded forms. These are temporary measures only; patching remains the permanent fix.
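As an added example of the monitoring step above (not taken from the advisory or from any CrowdStrike tooling), the script below scans reverse-proxy access logs in Apache/nginx combined format for traversal attempts. It fully URL-decodes each request target (so double-encoded `%252e%252e` is caught), normalises backslashes, and flags any `..` that appears as a complete path segment or as the start of a query-parameter value. The log lines are constructed for this example; the advisory does not name the vulnerable endpoint, so the paths used here are placeholders and in practice you would narrow the scan to the cluster API path from the advisory.

```python
"""Added detection example: flag path-traversal attempts in constructed
combined-format access logs. Paths and addresses below are placeholders."""
import re
from urllib.parse import unquote

# Apache/nginx combined log format up to the size field; the rest is ignored.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<target>\S+) \S+" (?P<status>\d{3}) (?P<size>\S+)'
)

# '..' as a whole segment (after / or \), or as the start of a query value
# (after = or &), or as the first thing in the target. '1..2' does not match.
TRAVERSAL_RE = re.compile(r'(?:^|[/\\=&?])\.\.(?:[/\\]|$)')

# Constructed sample log: one benign request, three traversal variants in
# different encodings, and one benign request whose '..' is not a segment.
SAMPLE_LOG = """\
203.0.113.7 - - [21/Apr/2026:10:00:01 +0000] "GET /api/v1/status HTTP/1.1" 200 512
198.51.100.23 - - [21/Apr/2026:10:00:05 +0000] "GET /api/v1/files/../../../../etc/passwd HTTP/1.1" 200 2048
198.51.100.23 - - [21/Apr/2026:10:00:06 +0000] "GET /api/v1/files/%252e%252e/%252e%252e/etc/shadow HTTP/1.1" 403 0
192.0.2.44 - - [21/Apr/2026:10:01:12 +0000] "GET /api/v1/files?name=..%2F..%2Fconfig.yaml HTTP/1.1" 200 1337
203.0.113.7 - - [21/Apr/2026:10:02:00 +0000] "GET /api/v1/query?ts=1..2 HTTP/1.1" 200 64
"""


def decode_fully(target: str, rounds: int = 3) -> str:
    """Percent-decode until the string stops changing (bounded), so that
    double- or triple-encoded traversal sequences are normalised."""
    prev, cur = None, target
    for _ in range(rounds):
        if cur == prev:
            break
        prev, cur = cur, unquote(cur)
    return cur


def is_traversal(target: str) -> bool:
    """True if the decoded request target contains a '..' path segment in the
    path or at the start of a query value."""
    decoded = decode_fully(target).replace("\\", "/")
    return TRAVERSAL_RE.search(decoded) is not None


def scan(log_text: str) -> list:
    """Return one finding per log line that carries a traversal sequence.
    A 200 response is recorded as a likely success worth investigating."""
    hits = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m or not is_traversal(m["target"]):
            continue
        status = int(m["status"])
        hits.append({
            "ip": m["ip"],
            "ts": m["ts"],
            "target": m["target"],
            "decoded": decode_fully(m["target"]),
            "status": status,
            "likely_success": status == 200,
        })
    return hits


if __name__ == "__main__":
    for h in scan(SAMPLE_LOG):
        flag = "SUCCESS?" if h["likely_success"] else "blocked"
        print(f"{h['ts']} {h['ip']} {flag} {h['decoded']}")
```

The double-encoded line is flagged even though the proxy returned 403, because a blocked probe from the same source is still a sign that someone is testing the endpoint; the `likely_success` field separates requests that need incident handling from those that only need blocking.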
References
- CrowdStrike Security Advisory CVE-2026-40050 – https://www.crowdstrike.com/en-us/security-advisories/cve-2026-40050/
- OpenCVE CVE-2026-40050 Details – https://app.opencve.io/cve/CVE-2026-40050
- Cybersecurity News: CrowdStrike LogScale Vulnerability – https://cybersecuritynews.com/crowdstrike-logscale-vulnerability/
- Security Affairs: Critical Bug in CrowdStrike LogScale – https://securityaffairs.com/191343/hacking/critical-bug-in-crowdstrike-logscale-let-attackers-access-files.html
- runZero: CrowdStrike Falcon LogScale Vulnerability – https://www.runzero.com/blog/crowdstrike-logscale/
- SecurityWeek: Vulnerabilities Patched in CrowdStrike Products – https://www.securityweek.com/vulnerabilities-patched-in-crowdstrike-tenable-products/
April 27, 2026