Threat Advisory

Critical LogScale Vulnerability Allows Unauthenticated File Access

Threat: Vulnerability
Targeted Region: Global
Targeted Sector: Technology & IT
Criticality: Critical

EXECUTIVE SUMMARY:

CVE-2026-40050 (CVSS 9.8) is a critical path traversal vulnerability in a cluster API endpoint of CrowdStrike LogScale Self-Hosted. Affected releases are GA versions 1.224.0 through 1.234.0 and LTS versions 1.228.0 and 1.228.1. A remote attacker who can reach the endpoint can send a specially crafted request that reads arbitrary files from the server filesystem without authenticating. Configuration files, system logs and any credentials stored on the host are therefore exposed to anyone with network access to the endpoint, and credentials recovered this way give a direct path to further compromise of connected systems. No other precondition applies: exploitation requires nothing beyond the vulnerable endpoint being reachable from the attacker's network position, which makes Internet-exposed instances the highest-priority patching targets.
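
The advisory does not publish the endpoint path or the exact request shape, so the only generic detection available is to look for traversal sequences in request paths hitting the LogScale host. The scanner below is an added example written for this page, not code from CrowdStrike or from the advisory; the log lines are constructed, and "/api/hypothetical-endpoint/" is a placeholder for the unnamed cluster API endpoint. It decodes the path repeatedly so that single- and double-percent-encoded ".." segments are caught, and ignores ".." inside query strings, which is not a file-system traversal on its own.

```python
import re
from urllib.parse import unquote

# Constructed sample access-log lines in Common Log Format. They are not real
# LogScale logs, and "/api/hypothetical-endpoint/" is a placeholder: the advisory
# does not name the affected cluster API endpoint.
SAMPLE_LOG = """\
10.0.0.5 - - [01/May/2026:10:00:01 +0000] "GET /api/hypothetical-endpoint/status HTTP/1.1" 200 512
203.0.113.9 - - [01/May/2026:10:00:07 +0000] "GET /api/hypothetical-endpoint/../../../../etc/passwd HTTP/1.1" 200 1842
203.0.113.9 - - [01/May/2026:10:00:09 +0000] "GET /api/hypothetical-endpoint/%2e%2e%2f%2e%2e%2fetc%2fshadow HTTP/1.1" 200 960
203.0.113.9 - - [01/May/2026:10:00:12 +0000] "GET /api/hypothetical-endpoint/..%252f..%252fetc%252fhostname HTTP/1.1" 404 0
10.0.0.8 - - [01/May/2026:10:00:15 +0000] "GET /api/hypothetical-endpoint/search?q=..%2f HTTP/1.1" 200 77
"""

LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) (?P<size>\d+|-)'
)


def fully_decode(s, max_rounds=3):
    """Percent-decode repeatedly so a double-encoded '..%252f' is seen as '../'."""
    for _ in range(max_rounds):
        decoded = unquote(s)
        if decoded == s:
            break
        s = decoded
    return s


def has_traversal(path):
    """True if any path segment is '..' once encoding and backslashes are normalised."""
    normalised = fully_decode(path).replace("\\", "/")
    return ".." in normalised.split("/")


def detect_traversal(log_text):
    """Return one finding per request whose URL path contains a traversal segment."""
    findings = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        # Only the path is inspected; '..' inside a query value (last sample line)
        # is not a file-system traversal by itself and would be a false positive.
        path = m.group("target").split("?", 1)[0]
        if has_traversal(path):
            findings.append({
                "ip": m.group("ip"),
                "timestamp": m.group("ts"),
                "raw_path": path,
                "decoded_path": fully_decode(path),
                "status": int(m.group("status")),
            })
    return findings


if __name__ == "__main__":
    for f in detect_traversal(SAMPLE_LOG):
        # A 2xx status on a traversal request is the strongest sign a file was served.
        print(f["status"], f["ip"], f["decoded_path"])
```

When reviewing findings, treat a 2xx response with a non-trivial body size as a probable successful read and a 4xx as an attempt; both are worth correlating with the source address across the retention window, since the crafted request needs no session and a scanner will typically try several encodings in sequence.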

RECOMMENDATION:

We recommend updating LogScale Self-Hosted to one of the following fixed versions:

  • LogScale Self-Hosted (GA) to version 1.235.1, 1.234.1, or 1.233.1
  • LogScale Self-Hosted LTS to version 1.228.2 or later

Where an immediate upgrade is not possible, restricting network access to the cluster API endpoint removes the only precondition the advisory names for exploitation, and access logs for that endpoint should be reviewed for traversal attempts dating back to the first deployment of an affected version.
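
Triage across a fleet is easy to get wrong here because two of the fixed GA releases (1.233.1 and 1.234.1) sit numerically inside the affected range 1.224.0 through 1.234.0, and string comparison of version numbers misorders 1.9 and 1.224. The checker below is an added example for this page, not CrowdStrike tooling; it encodes exactly the ranges stated above and assumes the caller already knows whether each host tracks the GA or the LTS channel, which the advisory does not tell you how to determine. The inventory is constructed and the hostnames are fictitious.

```python
# Version ranges exactly as stated in this advisory for CVE-2026-40050.
# Assumption (not on the page): the caller knows whether each host runs the
# GA or the LTS release channel.

def parse_version(text):
    """Turn '1.228.2' into (1, 228, 2) so versions compare numerically, not lexically."""
    parts = text.strip().split(".")
    if len(parts) != 3 or not all(p.isdigit() for p in parts):
        raise ValueError(f"unrecognised LogScale version string: {text!r}")
    return tuple(int(p) for p in parts)


AFFECTED_GA_LOW = parse_version("1.224.0")
AFFECTED_GA_HIGH = parse_version("1.234.0")
AFFECTED_LTS = {parse_version("1.228.0"), parse_version("1.228.1")}
FIXED_GA = {parse_version(v) for v in ("1.233.1", "1.234.1", "1.235.1")}
FIXED_LTS_MIN = parse_version("1.228.2")


def assess(version, channel):
    """Classify one host as 'vulnerable', 'fixed' or 'not listed' per the advisory."""
    v = parse_version(version)
    if channel == "lts":
        if v in AFFECTED_LTS:
            return "vulnerable"
        return "fixed" if v >= FIXED_LTS_MIN else "not listed"
    if channel == "ga":
        # Check the fixed set first: 1.233.1 and 1.234.1 sit numerically inside
        # the affected range 1.224.0 .. 1.234.0 but are patched releases.
        if v in FIXED_GA:
            return "fixed"
        if AFFECTED_GA_LOW <= v <= AFFECTED_GA_HIGH:
            return "vulnerable"
        # e.g. 1.235.0: named neither as affected nor as fixed on the page.
        return "not listed"
    raise ValueError(f"channel must be 'ga' or 'lts', got {channel!r}")


def triage(inventory):
    """Return the hosts that need a patch, with the version the advisory recommends."""
    todo = []
    for host, version, channel in inventory:
        if assess(version, channel) == "vulnerable":
            target = "1.228.2 or later" if channel == "lts" else "1.235.1, 1.234.1 or 1.233.1"
            todo.append((host, version, target))
    return todo


# Constructed inventory for illustration; hostnames are fictitious.
INVENTORY = [
    ("logscale-01", "1.230.0", "ga"),
    ("logscale-02", "1.234.1", "ga"),
    ("logscale-03", "1.228.1", "lts"),
    ("logscale-04", "1.228.2", "lts"),
    ("logscale-05", "1.223.5", "ga"),
]

if __name__ == "__main__":
    for host, version, target in triage(INVENTORY):
        print(f"{host}: {version} is vulnerable, upgrade to {target}")
```

Hosts that come back as "not listed" (for example GA 1.235.0, or anything older than 1.224.0) are not cleared by this check; they are simply outside what the advisory enumerates and should be confirmed against the vendor's release notes before being treated as safe.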

REFERENCES:

The following report contains further technical details:

https://securityonline.info/crowdstrike-logscale-vulnerability-cve-2026-40050-path-traversal/
