Advisory

CrowdStrike Patches Critical Path Traversal Vulnerability in LogScale

Take action: If you use self-hosted LogScale, plan a quick update to a patched version ASAP. Always keep your cluster API endpoints behind a firewall or VPN to limit exposure to attackers.

Learn More

CrowdStrike released security updates to fix a critical vulnerability in its LogScale product. The flaw allows unauthenticated users to read files on the server filesystem.

The flaw is tracked as CVE-2026-40050 (CVSS score 9.8), an unauthenticated path traversal vulnerability in the CrowdStrike LogScale cluster API endpoint that allows remote attackers to bypass authentication. By sending a crafted request to the API, an attacker can read any file from the server filesystem. This flaw lets unauthorized users steal sensitive data or configuration files without needing a password.

Impacted versions include GA releases 1.224.0 through 1.234.0 and LTS versions 1.228.0 and 1.228.1. CrowdStrike Next-Gen SIEM customers do not use the vulnerable component and are not at risk. SaaS clusters received network-layer blocks to stop potential attacks automatically.

Self-hosted customers should upgrade to a patched version ASAP. The fixed versions are 1.235.1, 1.234.1, 1.233.1, and 1.228.2 (LTS). Administrators should also check that their cluster API endpoints are not exposed to the public internet.
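As an added example (not CrowdStrike's code), a small checker that applies the affected and fixed version ranges stated above to the version a self-hosted cluster reports, so an administrator can confirm whether an upgrade is needed and which release to target. It assumes that any patch release at or above a listed fix in the same 1.x line also carries the fix.

```python
"""Check a self-hosted CrowdStrike LogScale version against the ranges the
advisory lists for CVE-2026-40050 and report which fixed release to move to.
Added example for this advisory, not a CrowdStrike tool."""
from typing import Optional, Tuple

Version = Tuple[int, int, int]


def parse_version(text: str) -> Version:
    """Parse 'major.minor.patch' into a comparable tuple; reject malformed input."""
    parts = text.strip().split(".")
    if len(parts) != 3 or not all(p.isdigit() for p in parts):
        raise ValueError(f"not a major.minor.patch version: {text!r}")
    major, minor, patch = (int(p) for p in parts)
    return (major, minor, patch)


# Affected range quoted from the advisory: GA 1.224.0 through 1.234.0.
# The affected LTS releases 1.228.0 and 1.228.1 fall inside this range.
AFFECTED_FROM = parse_version("1.224.0")
AFFECTED_TO = parse_version("1.234.0")
# Fixed releases quoted from the advisory, keyed by their 1.x line.
FIXED_BY_LINE = {
    parse_version(v)[:2]: parse_version(v)
    for v in ("1.235.1", "1.234.1", "1.233.1", "1.228.2")
}
LATEST_FIXED = parse_version("1.235.1")


def is_vulnerable(version_text: str) -> bool:
    """True if the version lies in the affected range and is below the fix for its line.

    Versions outside the stated range are reported as not affected; the check
    mirrors only what the advisory states.
    """
    v = parse_version(version_text)
    if not (AFFECTED_FROM <= v <= AFFECTED_TO):
        return False
    fixed = FIXED_BY_LINE.get(v[:2])
    # Assumption: a patch release at or above the listed fix in the same line is fixed.
    return fixed is None or v < fixed


def recommended_upgrade(version_text: str) -> Optional[str]:
    """Fixed release to move to: the fix in the same 1.x line if listed, else the newest."""
    if not is_vulnerable(version_text):
        return None
    target = FIXED_BY_LINE.get(parse_version(version_text)[:2], LATEST_FIXED)
    return ".".join(str(n) for n in target)
```

Run `recommended_upgrade("<your version>")`; a `None` result means the reported version is outside the affected range or already at a listed fix.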