Path Traversal Vulnerability in LogScale from CrowdStrike
CVE-2026-40050

9.8CRITICAL

Key Information:

Vendor: Crowdstrike
Status: Logscale Self-hosted
Vendor: CVE Published:; 21 April 2026

🔔 Create Crowdstrike Vulnerability Alert

What is CVE-2026-40050?

A security issue has been identified in LogScale, developed by CrowdStrike, allowing unauthenticated attackers to exploit a specific API endpoint. This vulnerability enables unauthorized access to read sensitive files on the server's filesystem. It is critical for self-hosted LogScale customers to upgrade to the patched version to safeguard against potential exploitation. The issue was recognized during proactive product testing and has been addressed for SaaS customers through network-layer defenses.

Affected Version(s)

LogScale Self-Hosted 1.224.0 <= 1.235.0

References

https://www.crowdstrike.com/en-us/security-advisories/cve...

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Apr 21, 2026
Vulnerability Reserved
Apr 8, 2026

CVE-2026-40050 Data

JSON