Summary

| Parameter | Value |
|---|---|
| CVE ID | CVE-2026-40050 |
| Alert Source | GitHub Advisory - Critical Vulnerability |
| CVE Publication Year | 2026 |
| Date Published | 2026-04-21 |
| Vendor | CrowdStrike |
| Product | LogScale |
| CVSS Score | 9.8 (critical) |
| EPSS Score | No data |
| CISA KEV | No |
| Ransomware | Not confirmed |

Vulnerability Description
CrowdStrike has released security updates to address a critical unauthenticated path traversal vulnerability (CVE-2026-40050) in LogScale. Mitigation is required only by customers that host specific versions of LogScale; Next-Gen SIEM customers are not affected. The vulnerability exists in a specific cluster API endpoint that, if exposed, allows a remote attacker to read arbitrary files from the server filesystem without authentication.
Required Actions
Apply vendor patches or mitigations as soon as available.
Who Is Affected?
This vulnerability affects LogScale by CrowdStrike (self-hosted versions only). Next-Gen SIEM customers are not affected. Check whether your organization runs vulnerable versions and apply the update immediately.
