Severity by source
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Lifecycle Timeline
5DescriptionCVE.org
CrowdStrike has released security updates to address a critical unauthenticated path traversal vulnerability (CVE-2026-40050) in LogScale. This vulnerability only requires mitigation by customers that host specific versions of LogScale and does not affect Next-Gen SIEM customers. The vulnerability exists in a specific cluster API endpoint that, if exposed, allows a remote attacker to read arbitrary files from the server filesystem without authentication.
Next-Gen SIEM customers are not affected and do not need to take any action. CrowdStrike mitigated the vulnerability for LogScale SaaS customers by deploying network-layer blocks to all clusters on April 7, 2026. We have proactively reviewed all log data and there is no evidence of exploitation.
LogScale Self-hosted customers should upgrade to a patched version immediately to remediate the vulnerability.
CrowdStrike identified this vulnerability during continuous and ongoing product testing.
AnalysisAI
Unauthenticated path traversal in CrowdStrike LogScale cluster API allows remote attackers to read arbitrary files from server filesystems. Affects only self-hosted LogScale deployments with specific vulnerable versions; Next-Gen SIEM customers are not impacted. CrowdStrike proactively identified this during internal testing and deployed network-layer blocks for SaaS customers on April 7, 2026, with log analysis confirming no evidence of exploitation. CVSS 9.8 critical severity with network vector and no authentication required (AV:N/PR:N), though EPSS and KEV data not available at time of analysis.
Technical ContextAI
This is a CWE-22 path traversal vulnerability affecting a specific cluster API endpoint in CrowdStrike LogScale, a log management and SIEM platform. Path traversal flaws allow attackers to access files outside the intended directory by manipulating file path parameters with sequences like '../' to traverse the filesystem hierarchy. The vulnerability resides in LogScale's cluster API layer, which handles inter-node communication and cluster management operations. When this API endpoint is exposed to network access without proper path sanitization, unauthenticated remote attackers can craft requests to read arbitrary files that the LogScale process has filesystem permissions to access, potentially including configuration files, credentials, application code, or sensitive log data stored on the server.
RemediationAI
Self-hosted LogScale customers must upgrade to a patched version immediately as the primary remediation action. Specific fixed versions should be obtained from the official CrowdStrike security advisory at https://www.crowdstrike.com/en-us/security-advisories/cve-2026-40050/. As an interim compensating control if immediate patching is not feasible, restrict network access to LogScale cluster API endpoints to only trusted management networks using firewall rules or network segmentation, blocking all internet-facing exposure to cluster APIs. This significantly reduces attack surface but is not a complete fix as it does not protect against insider threats or lateral movement scenarios. Review firewall and access control logs for any suspicious access attempts to cluster API endpoints prior to applying patches. Next-Gen SIEM and LogScale SaaS customers do not need to take any action as mitigations are already in place or the vulnerability does not apply to their deployment model.
Same weakness CWE-22 – Path Traversal
View allSame technique Path Traversal
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-24164
GHSA-q4qj-hj7m-7jgx