CrowdStrike security advisory (AV26-384)
Analysis Summary
# Vulnerability: CrowdStrike LogScale Unauthenticated Path Traversal
## CVE Details
- **CVE ID:** CVE-2026-40050
- **CVSS Score:** 9.8 (Critical)
- **CWE:** CWE-22 (Improper Limitation of a Pathname to a Restricted Directory / Path Traversal)
## Affected Systems
- **Products:** LogScale Self-Hosted (GA and LTS release lines)
- **Versions:**
- LogScale Self-Hosted GA: versions 1.224.0 to 1.234.0 (inclusive)
- LogScale Self-Hosted LTS: versions 1.228.0 and 1.228.1
- **Configurations:** Self-hosted deployments of the LogScale platform.
## Vulnerability Description
A critical path traversal vulnerability exists in the CrowdStrike LogScale Self-Hosted platform. The flaw allows an unauthenticated remote attacker to send specially crafted requests to the server to bypass directory restrictions. This enables the attacker to read arbitrary files from the underlying operating system that the LogScale service has permissions to access.
## Exploitation
- **Status:** The advisory does not state whether exploitation in the wild has been observed. Given the unauthenticated network attack vector and the severity rating, treat any internet-reachable or untrusted-network-reachable instance as high risk until patched.
- **Complexity:** Low
- **Attack Vector:** Network (Remote)
## Impact
- **Confidentiality:** High (arbitrary file read as the LogScale service account: configuration files, credentials, tokens and any stored data the account can reach).
- **Integrity:** None from the traversal itself (read-only access).
- **Availability:** None directly, although credentials or secrets recovered through the file read can enable follow-on attacks that do affect integrity and availability.

Note that a confidentiality-only impact of this kind corresponds to a CVSS v3.1 vector of AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N, which scores 7.5; a 9.8 base score requires High impact on confidentiality, integrity and availability. Check the vector string in the vendor advisory before relying on either the score or the per-metric breakdown above.
## Remediation
### Patches
CrowdStrike has released updates to address this vulnerability. Users are advised to upgrade to the following versions or later:
- **LogScale Self-Hosted GA:** Update to version 1.235.0 or later.
- **LogScale Self-Hosted LTS:** Update to version 1.228.2 or later.
### Workarounds
No workarounds are given in the advisory; upgrading to a fixed version is the only vendor-supported fix. As general guidance rather than advice from the advisory, the usual compensating control for an unauthenticated, network-reachable file-read flaw applies until the upgrade is done: restrict reachability of the LogScale HTTP interface to trusted networks (firewall rules, VPN, or reverse-proxy allow-lists) and watch access logs for traversal attempts.
## Detection
- **Indicators of Compromise:** HTTP requests to LogScale endpoints whose path contains traversal sequences, whether raw (`../`, `..\`), percent-encoded (`..%2f`, `..%5c`) or double-encoded (`..%252f`). A 2xx response with a non-empty body to such a request is a stronger signal of a successful read than a 4xx.
- **Detection methods and tools:** Percent-decode request paths before matching (a single-round pattern misses double encoding), then review web server, reverse proxy and application access logs for such requests. Ensure endpoint detection tools alert on the LogScale service account reading files outside its installation and data directories.
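As an added example (not from the advisory or from CrowdStrike), the following Python scans access-log lines in Combined Log Format for traversal attempts. It percent-decodes each request path repeatedly so that double-encoded variants are caught, treats backslashes as path separators, and flags 2xx responses with a non-empty body as likely successful reads. The log lines and the `/api/v1/files/...` endpoint paths are constructed for illustration and are not real LogScale endpoints.

```python
import re
import urllib.parse

# Constructed sample access-log lines (Combined Log Format). The IP addresses,
# timestamps and endpoint paths are illustrative, not real LogScale traffic.
SAMPLE_LOG = """\
203.0.113.5 - - [10/Mar/2026:12:00:01 +0000] "GET /api/v1/status HTTP/1.1" 200 512
203.0.113.9 - - [10/Mar/2026:12:00:02 +0000] "GET /api/v1/files/../../../../etc/passwd HTTP/1.1" 200 1843
198.51.100.7 - - [10/Mar/2026:12:00:03 +0000] "GET /api/v1/files/..%2f..%2f..%2fetc%2fshadow HTTP/1.1" 403 0
198.51.100.7 - - [10/Mar/2026:12:00:04 +0000] "GET /api/v1/files/..%252f..%252fetc%252fpasswd HTTP/1.1" 200 1843
192.0.2.44 - - [10/Mar/2026:12:00:05 +0000] "GET /api/v1/files/report..pdf HTTP/1.1" 200 9001
192.0.2.44 - - [10/Mar/2026:12:00:06 +0000] "GET /static/app..%5c..%5cwin.ini HTTP/1.1" 404 0
"""

# Combined Log Format: client, ident, user, [timestamp], "METHOD path PROTO", status, size
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+) \S+" (?P<status>\d{3}) (?P<size>\d+|-)'
)

# A ".." segment bounded by separators (or string boundaries). "report..pdf"
# does not match because the dots are not a whole path segment.
TRAVERSAL_RE = re.compile(r'(^|/)\.\.(/|$)')


def normalize_path(raw, max_rounds=3):
    """Percent-decode repeatedly (catches double/triple encoding), then
    unify backslashes to forward slashes so ..%5c is treated like ../."""
    decoded = raw
    for _ in range(max_rounds):
        nxt = urllib.parse.unquote(decoded)
        if nxt == decoded:
            break
        decoded = nxt
    return decoded.replace('\\', '/')


def is_traversal(path):
    """True if the decoded, separator-normalized path contains a '..' segment."""
    return bool(TRAVERSAL_RE.search(normalize_path(path)))


def scan_log(text):
    """Return one record per log line whose request path is a traversal attempt.
    likely_success marks a 2xx response that carried a body, i.e. the server
    probably served the requested file rather than rejecting the request."""
    hits = []
    for line in text.splitlines():
        m = LOG_RE.match(line)
        if not m or not is_traversal(m['path']):
            continue
        status = int(m['status'])
        size = int(m['size']) if m['size'] != '-' else 0
        hits.append({
            'ip': m['ip'],
            'ts': m['ts'],
            'path': m['path'],
            'normalized': normalize_path(m['path']),
            'status': status,
            'likely_success': 200 <= status < 300 and size > 0,
        })
    return hits


if __name__ == '__main__':
    for h in scan_log(SAMPLE_LOG):
        flag = 'LIKELY SUCCESS' if h['likely_success'] else 'blocked/failed'
        print(f"{h['ts']} {h['ip']} {h['status']} {flag}: {h['path']} -> {h['normalized']}")
```

Run it against real access logs by replacing `SAMPLE_LOG` with the file contents; the decoding loop is the part single-pattern searches usually miss, since `..%252f` only becomes `../` after two decode rounds.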
## References
- [CrowdStrike Security Advisory CVE-2026-40050] hxxps://www[.]crowdstrike[.]com/en-us/security-advisories/cve-2026-40050/
- [CrowdStrike Security Advisories Portal] hxxps://www[.]crowdstrike[.]com/en-us/security-advisories/
- [Canadian Centre for Cyber Security Advisory] hxxps://www[.]cyber[.]gc[.]ca/en/alerts-advisories/crowdstrike-security-advisory-av26-384