
CrowdStrike Fixes Critical Vulnerability in LogScale Allowing Unauthenticated File Access
CrowdStrike addressed a critical vulnerability, CVE-2026-40050, in its LogScale self-hosted product, which permitted unauthenticated path traversal attacks. The flaw allowed remote attackers to read arbitrary files from the server’s filesystem without authentication. No specific exploitation timeline or affected version ranges were disclosed in the notice. The vulnerability was mitigated through security updates released by CrowdStrike. The impact was limited to self-hosted LogScale deployments, excluding cloud-based instances. No additional technical details about the attack vector or proof-of-concept exploits were provided.