JustAppSec

LogScale patches unauthenticated path traversal arbitrary file read

2 min read · Published 22 Apr 2026 · Source: Security NEXT

TL;DR — A Critical unauthenticated path traversal in CrowdStrike LogScale can let remote attackers read arbitrary files from the server filesystem via crafted API requests.

What happened

CrowdStrike LogScale (formerly Humio) is a log analytics platform used to ingest, search, and retain high-volume operational and security telemetry.

Security NEXT reports that CrowdStrike disclosed CVE-2026-40050, a path traversal issue that can be exploited by sending crafted remote requests to an API, enabling an attacker to read arbitrary files on the server without authentication. The report states the issue is scored CVSS v3.1 9.8 (Critical) and that CrowdStrike found it during product testing, with no signs of exploitation observed.

This is operationally high-impact because log platforms frequently sit on high-trust networks and tend to accumulate sensitive material (service tokens, configs, and credentials), making “read-any-file” bugs a common pivot point into broader application and cloud compromise.

Who is impacted

  • Organizations running self-hosted CrowdStrike LogScale instances that have not been updated to a fixed release.
  • Security NEXT reports SaaS deployments were mitigated on 2026-04-07, and that CrowdStrike Next-Gen SIEM is not affected.
| Deployment model | Reported impact | Reported remediation status |
|---|---|---|
| LogScale (self-hosted) | Unauthenticated arbitrary file read via path traversal (CVE-2026-40050) | Update to a fixed version (see below) |
| LogScale (SaaS) | Same underlying issue | Mitigated on 2026-04-07; no exploitation found in log review |
| CrowdStrike Next-Gen SIEM | Not affected | No action required (per report) |

What to do now

  • Follow vendor remediation guidance as reported by Security NEXT and update self-hosted LogScale to one of the following fixed versions (or later): 1.235.1, 1.234.1, 1.233.1, or 1.228.2 (LTS).
  • Inventory where LogScale is deployed (prod, staging, DR), confirm whether each instance is self-hosted or SaaS, and validate running versions against your patch baseline.
  • Review external exposure: identify whether LogScale APIs are reachable from untrusted networks; treat any internet reachability as an emergency risk multiplier.
  • Monitor for potential abuse signals around LogScale API access and unusual filesystem access patterns (especially attempts to read config, secrets, or key material).
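The first and last of these actions can be scripted. The following is an added example (not CrowdStrike's, Security NEXT's, or JustAppSec's code) that does two things: it classifies an inventory of LogScale instances against the fixed versions listed above, and it flags API access-log lines whose request path carries a `..` traversal segment, raw or percent-encoded. It assumes three-part `major.minor.patch` version strings where `major.minor` is a release branch, reads "or later" as "at or above the fixed release on the same branch, and any branch newer than 1.235 is assumed to carry the fix" (branches with no listed fix, such as 1.229 through 1.232, are treated as unpatched), and uses a generic combined log format. Hostnames, versions, paths and log lines are constructed placeholders, not real LogScale endpoints.

```python
# Added triage helpers for the CVE-2026-40050 advisory; assumptions are
# stated in the lead-in and repeated in the comments below.
import re
from urllib.parse import unquote

# Fixed self-hosted releases as listed in the report (1.228.2 is the LTS line).
FIXED_VERSIONS = ("1.235.1", "1.234.1", "1.233.1", "1.228.2")


def parse_version(text):
    """Turn '1.234.1' into (1, 234, 1); reject anything that is not x.y.z."""
    parts = text.strip().split(".")
    if len(parts) != 3 or not all(p.isdigit() for p in parts):
        raise ValueError(f"unrecognised LogScale version string: {text!r}")
    return tuple(int(p) for p in parts)


def patch_status(version):
    """Classify a self-hosted version; returns (status, note)."""
    v = parse_version(version)
    fixed = sorted(parse_version(f) for f in FIXED_VERSIONS)
    same_branch = [f for f in fixed if f[:2] == v[:2]]
    if same_branch:  # branch has a listed fix: compare against it
        floor = ".".join(map(str, same_branch[0]))
        if v >= same_branch[0]:
            return "patched", f"at or above fixed release {floor}"
        return "vulnerable", f"below fixed release {floor} on this branch"
    if v > fixed[-1]:
        # Assumption: branches newer than the newest listed fix include it.
        return "patched", "newer than all listed fixes (assumed; confirm with vendor notes)"
    return "vulnerable", "no fixed release listed for this branch; move to a fixed branch"


def triage_inventory(inventory):
    """Apply the report's per-deployment-model status to an inventory list."""
    results = []
    for item in inventory:
        if item["model"] == "saas":
            status, note = "mitigated", "SaaS mitigated by vendor on 2026-04-07 (per report)"
        elif item["model"] == "next-gen-siem":
            status, note = "not-affected", "Next-Gen SIEM not affected (per report)"
        else:
            status, note = patch_status(item["version"])
        results.append({"name": item["name"], "status": status, "note": note})
    return results


# Generic combined log format: client ident user [timestamp] "METHOD target PROTO" status size
LOG_RE = re.compile(
    r'^(?P<src>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) (?P<size>\d+|-)'
)


def has_traversal(target):
    """True if the target has a '..' path segment, raw or after up to two
    rounds of percent-decoding (catches %2e%2e and double-encoded %252e%252e)."""
    seen, current = {target}, target
    for _ in range(2):
        current = unquote(current)
        seen.add(current)
    for candidate in seen:
        path = candidate.split("?", 1)[0].replace("\\", "/")  # drop query, unify separators
        if any(segment == ".." for segment in path.split("/")):
            return True
    return False


def suspicious_requests(lines):
    """Return records for log lines showing traversal; 2xx hits go to the top of the queue."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if m and has_traversal(m["target"]):
            hits.append({"src": m["src"], "target": m["target"], "status": int(m["status"])})
    return hits


# Constructed sample data: hostnames, versions, client IPs and paths are placeholders.
INVENTORY = [
    {"name": "logscale-prod-01", "model": "self-hosted", "version": "1.235.0"},
    {"name": "logscale-prod-02", "model": "self-hosted", "version": "1.228.2"},
    {"name": "logscale-stage", "model": "self-hosted", "version": "1.230.4"},
    {"name": "logscale-dr", "model": "self-hosted", "version": "1.236.0"},
    {"name": "logscale-cloud", "model": "saas", "version": None},
    {"name": "ngsiem", "model": "next-gen-siem", "version": None},
]
SAMPLE_LOG = [
    '10.0.0.5 - - [22/Apr/2026:10:00:00 +0000] "GET /api/example/config HTTP/1.1" 200 512',
    '198.51.100.7 - - [22/Apr/2026:10:00:03 +0000] "GET /api/example/../../../conf/placeholder.yml HTTP/1.1" 200 2048',
    '198.51.100.7 - - [22/Apr/2026:10:00:04 +0000] "GET /api/example/%2e%2e%2f%2e%2e%2fconf%2fplaceholder.yml HTTP/1.1" 404 0',
    '203.0.113.9 - - [22/Apr/2026:10:00:10 +0000] "GET /api/example/%252e%252e%252fplaceholder.key HTTP/1.1" 403 0',
    '10.0.0.6 - - [22/Apr/2026:10:00:12 +0000] "POST /api/example/search HTTP/1.1" 200 128',
]

if __name__ == "__main__":
    for row in triage_inventory(INVENTORY):
        print(f"{row['name']:<18} {row['status']:<13} {row['note']}")
    for hit in suspicious_requests(SAMPLE_LOG):
        print(f"traversal attempt from {hit['src']} -> {hit['target']} (HTTP {hit['status']})")
```

Two design points: the version check keys on the release branch rather than on a single "minimum version", because 1.228.2 (LTS) is fixed while 1.230.4 is not, so a plain numeric comparison would misclassify the LTS line; and the log check decodes twice and normalises backslashes before looking for a `..` segment, since encoded and double-encoded forms are the ones a naive substring match on `../` misses. Any instance the script marks "patched (assumed)" still deserves a look at the vendor release notes.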

Content is AI-assisted and reviewed by our team, but issues may be missed and best practices evolve rapidly; send corrections to [email protected]. Always consult official documentation and validate key implementation decisions before making design or security choices.
