Cybersecurity Blog | RedLegg

Security Bulletin: Unauthenticated Path Traversal Vulnerability in CrowdStrike LogScale

Written by RedLegg's Cyber Threat Intelligence Team | 4/22/26 10:46 PM

About:

CVE-2026-40050 is a critical path traversal vulnerability in CrowdStrike LogScale caused by improper restriction of file paths combined with missing authentication controls.

An unauthenticated attacker can exploit this flaw over the network by sending crafted requests to access files or functionality outside intended directories. Successful exploitation may allow unauthorized access to sensitive system data or internal components of the LogScale platform.

RedLegg will occasionally communicate vulnerabilities released outside the usual release schedule to provide additional value to our customers. These emergency bulletins describe vulnerabilities or threats we classify as the highest severity level and warrant out-of-band emergency patching or mitigation action.

VULNERABILITIES

Unauthenticated Path Traversal Vulnerability in CrowdStrike LogScale


Identifier: CVE-2026-40050
CVSS Score: 9.8 (Critical, CVSS v3.1)

PoC or Exploitation:

There are no confirmed reports of active exploitation in the wild and no validated public proof-of-concept exploit code.

Update/Patch:
 
 
CrowdStrike has released mitigations and guidance for this vulnerability.
 
Affected versions include:
  • Self-hosted CrowdStrike LogScale deployments
  • LogScale Self-Hosted: GA versions 1.224.0 through 1.234.0 (inclusive).
  • LogScale Self-Hosted LTS: Versions 1.228.0 and 1.228.1

Fixed / Mitigated status:
  • LogScale Self-Hosted 1.235.1 or later
  • LogScale Self-Hosted 1.234.1 or later
  • LogScale Self-Hosted 1.233.1 or later
  • LogScale Self-Hosted 1.228.2 (LTS) or later
 
 
CrowdStrike advisory and patch guidance:


Description: 
 
CVE-2026-40050 is an unauthenticated path traversal vulnerability in CrowdStrike LogScale caused by improper restriction of file paths combined with missing authentication controls.
 
An attacker can exploit this vulnerability over a network without authentication by sending crafted requests to the affected system. Successful exploitation may allow unauthorized access to files or functionality outside intended boundaries.
 

Mitigation Recommendation:

Immediately update self-hosted CrowdStrike LogScale deployments to the patched version.
 
Confirm whether the environment is self-hosted LogScale, SaaS LogScale, or Next-Gen SIEM, as SaaS deployments have already been mitigated and Next-Gen SIEM is not affected.
 
Restrict access to LogScale interfaces to trusted networks only.
 
Monitor system and application logs for suspicious unauthenticated requests or abnormal file access activity.
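
To support the patching step, the following added example (not RedLegg's or CrowdStrike's code) triages an inventory of self-hosted version strings against the affected and fixed lists in this bulletin. It assumes that "or later" on the 1.234.1, 1.233.1 and 1.228.2 entries means later patch releases on the same minor line; the hostnames and inventory are constructed sample values.

```python
import re

# Version data copied from the bulletin. Assumption: "or later" on the
# 1.234.1, 1.233.1 and 1.228.2 entries means later patches on that minor line.
AFFECTED_GA = ((1, 224, 0), (1, 234, 0))      # GA range, inclusive
AFFECTED_LTS = {(1, 228, 0), (1, 228, 1)}     # LTS releases
FIXED_FROM = (1, 235, 1)                      # this release and anything newer
FIXED_BACKPORTS = {(1, 234): 1, (1, 233): 1, (1, 228): 2}  # line -> first fixed patch


def parse_version(text):
    """Parse 'major.minor.patch' (optional leading 'v') into an int tuple."""
    m = re.fullmatch(r"v?(\d+)\.(\d+)\.(\d+)", text.strip())
    if not m:
        raise ValueError(f"unrecognised version string: {text!r}")
    return tuple(int(part) for part in m.groups())


def classify(text):
    """Return 'fixed', 'affected' or 'not listed' for one version string."""
    version = parse_version(text)
    first_fixed_patch = FIXED_BACKPORTS.get(version[:2])
    # Fixed releases are checked first: 1.233.1 and 1.228.2 are fixed even
    # though they sort inside the affected GA range (tuple comparison).
    if version >= FIXED_FROM:
        return "fixed"
    if first_fixed_patch is not None and version[2] >= first_fixed_patch:
        return "fixed"
    if AFFECTED_GA[0] <= version <= AFFECTED_GA[1] or version in AFFECTED_LTS:
        return "affected"
    # The bulletin states no status here (for example 1.235.0 or 1.223.x).
    return "not listed"


def triage(inventory):
    """Map each host to its status; unparseable versions need manual review."""
    result = {}
    for host, raw in inventory.items():
        try:
            result[host] = classify(raw)
        except ValueError:
            result[host] = "manual review"
    return result


# Constructed inventory: hostnames and versions are sample values.
SAMPLE_INVENTORY = {"logscale-a.example.internal": "1.230.0",
                    "logscale-b.example.internal": "1.233.1",
                    "logscale-c.example.internal": "unknown"}
if __name__ == "__main__":
    for host, status in triage(SAMPLE_INVENTORY).items():
        print(f"{host}: {status}")
```

Hosts reported as "not listed" or "manual review" should be checked against the CrowdStrike advisory rather than treated as safe.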