CVE-2026-40050: CWE-306 Missing authentication for critical function in CrowdStrike LogScale Self-Hosted
CrowdStrike has released security updates to address a critical unauthenticated path traversal vulnerability (CVE-2026-40050) in LogScale. This vulnerability only requires mitigation by customers that host specific versions of LogScale and does not affect Next-Gen SIEM customers. The vulnerability exists in a specific cluster API endpoint that, if exposed, allows a remote attacker to read arbitrary files from the server filesystem without authentication. Next-Gen SIEM customers are not affected and do not need to take any action. CrowdStrike mitigated the vulnerability for LogScale SaaS customers by deploying network-layer blocks to all clusters on April 7, 2026. We have proactively reviewed all log data and there is no evidence of exploitation. LogScale Self-hosted customers should upgrade to a patched version immediately to remediate the vulnerability. CrowdStrike identified this vulnerability during continuous and ongoing product testing.
AI Analysis
Technical Summary
CrowdStrike LogScale Self-Hosted version 1.224.0 contains a critical vulnerability (CWE-306) where a cluster API endpoint lacks authentication, enabling unauthenticated remote attackers to perform path traversal and read arbitrary files on the server. The vulnerability has a CVSS 3.1 base score of 9.8, indicating high impact on confidentiality, integrity, and availability. CrowdStrike has mitigated the risk for SaaS customers by deploying network-layer blocks and confirmed no impact on Next-Gen SIEM customers. The vulnerability was discovered through ongoing product testing and has been publicly disclosed with recommendations for self-hosted customers to upgrade.
Potential Impact
Successful exploitation allows unauthenticated remote attackers to read arbitrary files on the server hosting LogScale Self-Hosted, potentially exposing sensitive data and compromising system integrity and availability. The vulnerability has a critical CVSS score of 9.8, reflecting its severity. No known exploits in the wild have been reported, and CrowdStrike's proactive mitigation for SaaS customers reduces risk for those environments.
Mitigation Recommendations
CrowdStrike advises all LogScale Self-Hosted customers running affected versions (specifically 1.224.0) to upgrade immediately to a patched version to remediate this vulnerability. Next-Gen SIEM customers do not require any action. SaaS customers have been protected by network-layer blocks deployed by CrowdStrike as of April 7, 2026. Patch status is not explicitly confirmed in the advisory, so customers should consult CrowdStrike's official updates for the latest remediation guidance.
CVE-2026-40050: CWE-306 Missing authentication for critical function in CrowdStrike LogScale Self-Hosted
Description
CrowdStrike has released security updates to address a critical unauthenticated path traversal vulnerability (CVE-2026-40050) in LogScale. This vulnerability only requires mitigation by customers that host specific versions of LogScale and does not affect Next-Gen SIEM customers. The vulnerability exists in a specific cluster API endpoint that, if exposed, allows a remote attacker to read arbitrary files from the server filesystem without authentication. Next-Gen SIEM customers are not affected and do not need to take any action. CrowdStrike mitigated the vulnerability for LogScale SaaS customers by deploying network-layer blocks to all clusters on April 7, 2026. We have proactively reviewed all log data and there is no evidence of exploitation. LogScale Self-hosted customers should upgrade to a patched version immediately to remediate the vulnerability. CrowdStrike identified this vulnerability during continuous and ongoing product testing.
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
CrowdStrike LogScale Self-Hosted version 1.224.0 contains a critical vulnerability (CWE-306) where a cluster API endpoint lacks authentication, enabling unauthenticated remote attackers to perform path traversal and read arbitrary files on the server. The vulnerability has a CVSS 3.1 base score of 9.8, indicating high impact on confidentiality, integrity, and availability. CrowdStrike has mitigated the risk for SaaS customers by deploying network-layer blocks and confirmed no impact on Next-Gen SIEM customers. The vulnerability was discovered through ongoing product testing and has been publicly disclosed with recommendations for self-hosted customers to upgrade.
Potential Impact
Successful exploitation allows unauthenticated remote attackers to read arbitrary files on the server hosting LogScale Self-Hosted, potentially exposing sensitive data and compromising system integrity and availability. The vulnerability has a critical CVSS score of 9.8, reflecting its severity. No known exploits in the wild have been reported, and CrowdStrike's proactive mitigation for SaaS customers reduces risk for those environments.
Mitigation Recommendations
CrowdStrike advises all LogScale Self-Hosted customers running affected versions (specifically 1.224.0) to upgrade immediately to a patched version to remediate this vulnerability. Next-Gen SIEM customers do not require any action. SaaS customers have been protected by network-layer blocks deployed by CrowdStrike as of April 7, 2026. Patch status is not explicitly confirmed in the advisory, so customers should consult CrowdStrike's official updates for the latest remediation guidance.
Technical Details
- Data Version
- 5.2
- Assigner Short Name
- CrowdStrike
- Date Reserved
- 2026-04-08T18:55:21.490Z
- Cvss Version
- 3.1
- State
- PUBLISHED
- Remediation Level
- null
Threat ID: 69e7b0e319fe3cd2cde9a45f
Added to database: 4/21/2026, 5:16:19 PM
Last enriched: 4/21/2026, 5:32:38 PM
Last updated: 4/22/2026, 6:05:28 AM
Views: 7
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
External Links
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.