CrowdStrike LogScale Critical CVE-2023-40148 Lets Attackers Read Server Files
Key Takeaways CrowdStrike has disclosed a critical unauthenticated path traversal vulnerability (CVE-2026-40050) in its LogScale platform. The flaw allows remote attackers to read arbitrary files...
Key Takeaways
- CrowdStrike has disclosed a critical unauthenticated path traversal vulnerability (CVE-2026-40050) in its LogScale platform.
- The flaw allows remote attackers to read arbitrary files from affected servers without authentication.
- LogScale Self-Hosted versions 1.224.0 through 1.234.0 (GA) and 1.228.0, 1.228.1 (LTS) are impacted.
- CrowdStrike has released patches, and no active exploitation has been detected.
Critical CrowdStrike LogScale Flaw Exposes Server Files to Unauthenticated Attackers
CrowdStrike has issued an urgent security advisory concerning a severe, unauthenticated path traversal vulnerability, tracked as CVE-2026-40050, within its LogScale platform. This critical flaw could enable a remote attacker to read arbitrary files directly from the underlying server’s filesystem without requiring any authentication.
Table Of Content
The vulnerability specifically affects a cluster API endpoint within the CrowdStrike LogScale solution. Should this endpoint be publicly accessible, an attacker can exploit it to navigate the server’s directory structure and gain unauthorized access to sensitive files, bypassing the need for credentials.
Assigned a CVSS v3.1 score of 9.8 (CRITICAL), the vulnerability underscores a significant risk to the confidentiality, integrity, and availability of affected systems.
Technical Details of the Vulnerability
The LogScale vulnerability is rooted in two distinct weakness types:
- CWE-306 – Missing Authentication for Critical Function
- CWE-22 – Improper Limitation of a Pathname to a Restricted Directory (Path Traversal)
Affected Versions and Mitigation Status
The vulnerability impacts LogScale Self-Hosted GA versions 1.224.0 up to and including 1.234.0, as well as LogScale Self-Hosted LTS versions 1.228.0 and 1.228.1. Importantly, customers utilizing CrowdStrike’s Next-Gen SIEM are not affected by this vulnerability and do not need to take any action.
For LogScale SaaS customers, CrowdStrike proactively implemented network-layer blocks across all clusters on April 7, 2026, effectively mitigating the risk at the infrastructure level. The company also conducted a thorough review of all log data and found no evidence of in-the-wild exploitation.
CrowdStrike has confirmed that there is currently no indication of active exploitation. The flaw was discovered internally through the company’s continuous product testing program, rather than being reported by an external researcher or observed in a real-world attack scenario.
CrowdStrike continues to actively monitor its LogScale SaaS environments for any signs of abuse or suspicious activity related to this vulnerability.
What You Should Do
Self-hosted LogScale customers are strongly advised to upgrade immediately to one of the following patched versions:
- 1.235.1 or later
- 1.234.1 or later
- 1.233.1 or later
- 1.228.2 (LTS) or later
CrowdStrike has verified that these patched builds do not introduce any direct or indirect performance impact on LogScale operations. Organizations operating self-hosted instances should also implement standard incident response procedures to monitor for any indicators of prior unauthorized access or file exfiltration.
Disclaimer: HackersRadar reports on cybersecurity threats and incidents for informational and awareness purposes only. We do not engage in hacking activities, data exfiltration, or the hosting or distribution of stolen or leaked information. All content is based on publicly available sources.



No Comment! Be the first one.