CrowdStrike LogScale Vulnerability Allows Remote Attackers to Read Arbitrary Files from Server
\n \t
\n
<\/BR>
\n
\n \t
\n
<\/BR><\/p>\n
CrowdStrike has issued an urgent security advisory for a critical unauthenticated path-traversal vulnerability<\/a> (CVE-2026-40050) affecting its LogScale platform, warning that a remote attacker could exploit the flaw to read arbitrary files directly from the server\u2019s filesystem without authentication.<\/p>\n The vulnerability resides in a specific cluster API endpoint within CrowdStrike LogScale. If this endpoint is exposed, a remote attacker can leverage it to traverse the server\u2019s directory structure and access sensitive files without needing credentials.<\/p>\n The flaw carries a CVSS v3.1 score of 9.8 (CRITICAL), reflecting the severe potential impact on confidentiality, integrity, and availability.<\/p>\n Two weakness types underpin this vulnerability:<\/p>\n The vulnerability affects LogScale Self-Hosted GA versions 1.224.0 through 1.234.0 (inclusive), as well as LogScale Self-Hosted LTS versions 1.228.0 and 1.228.1. Notably, Next-Gen SIEM customers are not affected and require no action.<\/p>\n For LogScale SaaS customers, CrowdStrike already deployed network-layer blocks across all clusters on April 7, 2026, effectively mitigating the risk at the infrastructure level. The company also conducted a proactive review of all log data and found no evidence of exploitation in the wild.<\/p>\n CrowdStrike has confirmed<\/a> there is currently no indication of active exploitation. The vulnerability was discovered internally through the company\u2019s continuous product testing program, not reported via an external researcher or observed in a real-world attack.<\/p>\n CrowdStrike is actively monitoring LogScale SaaS environments for any signs of abuse or suspicious activity related to this flaw.<\/p>\n Self-hosted LogScale customers are urged to upgrade immediately to one of the following patched versions:<\/p>\n CrowdStrike confirmed that the patched builds introduce no direct or indirect performance impact on LogScale operations. Organizations running self-hosted instances should also follow standard incident response procedures to monitor for any signs of prior unauthorized access or file exfiltration.<\/p>\n Follow us on Google News<\/a>, LinkedIn<\/a>, and X<\/a> for daily cybersecurity updates. Contact us<\/a> to feature your stories.<\/strong><\/p>\n The post CrowdStrike LogScale Vulnerability Allows Remote Attackers to Read Arbitrary Files from Server<\/a> appeared first on Cyber Security News<\/a>.<\/p>\n<\/div>\n\n
Mitigations<\/strong><\/h2>\n
\n