CVE-2026-40050

Critical

Published: 21 April 2026
Modified: 22 April 2026
CISA KEV: not listed
CVSS v3.1 score: 9.8 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
EPSS score: 0.0060 (43.9th percentile)
Risk priority: 70 (floored blend, peak EPSS)

Summary

CVE-2026-40050 is a critical-severity Path Traversal (CWE-22) vulnerability in CrowdStrike LogScale (the vendor is inferred from the references; NVD filed no CPE). Its CVSS v3.1 base score is 9.8 (Critical).

Operationally, exploitation maps to the MITRE ATT&CK technique Exploit Public-Facing Application (T1190). EPSS ranks it at the 43.9th percentile by exploit likelihood (below the median), and it is not currently listed in the CISA KEV catalog.

The strongest mitigations this analysis identified are NIST 800-53 SC-7 (Boundary Protection) and SI-10 (Information Input Validation), with SI-2 (Flaw Remediation) covering the patch that self-hosted deployments need: the upgrade is the fix, the network block is the compensating control.

Deeper analysis

CVE-2026-40050 is a critical unauthenticated path traversal vulnerability (CWE-22, with CWE-306 for the missing authentication) in CrowdStrike LogScale, affecting specific versions of the self-hosted product. The flaw lies in a cluster API endpoint that, when exposed to the network, can be reached without any authentication. It does not affect Next-Gen SIEM customers, who need to take no action.

A remote attacker with network access to the exposed endpoint can exploit this vulnerability without authentication, privileges, or user interaction, and the CVSS 9.8 vector (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) scores high confidentiality, integrity, and availability impacts. The vendor's description states the concrete outcome as reading arbitrary files from the server filesystem; no write or denial-of-service primitive is described, so treat the confidentiality impact (credentials, tokens and configuration on disk) as the demonstrated one and the I/A components as the scored ones.
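The bug class is worth seeing in code. The following is an added illustration, not LogScale's code and not taken from the advisory: a file-serving handler that joins a client-supplied name onto an export directory the vulnerable way, next to a hardened resolver that decodes once, rejects parent-directory segments and absolute paths lexically, and then confirms the canonical path still lies inside the root. The directory name, the sample request strings and the function names are all assumptions made for the demo.

```python
"""Path traversal (CWE-22) in a file-serving endpoint: the vulnerable resolution
pattern next to a hardened one. Added illustration; not LogScale's code."""
import os
from urllib.parse import unquote

# Assumed export root for the demo; the real product's layout is not on the page.
EXPORT_ROOT = "/var/lib/exportservice/exports"


class TraversalRejected(ValueError):
    """Raised when a client-supplied path would leave the export root."""


def resolve_unsafe(base, requested):
    """Vulnerable pattern: decode the client string and join it onto the root.

    os.path.join discards `base` when the second argument is absolute, and
    normpath happily collapses '..' segments, so '../../../../etc/passwd'
    (or its %2e%2e-encoded twin) walks straight out of the root.
    """
    return os.path.normpath(os.path.join(base, unquote(requested)))


def resolve_safe(base, requested):
    """Hardened resolution: decode once, reject dangerous components lexically,
    then confirm containment on the canonical (symlink-resolved) path."""
    decoded = unquote(requested)
    if "\x00" in decoded:
        raise TraversalRejected("NUL byte in requested path")
    segments = decoded.replace("\\", "/").split("/")
    if os.path.isabs(decoded) or decoded.startswith(("/", "\\")) or ".." in segments:
        raise TraversalRejected("absolute path or parent-directory segment: %r" % requested)
    root = os.path.realpath(base)
    candidate = os.path.realpath(os.path.join(root, decoded))
    # Belt and braces: even if the lexical checks are bypassed (e.g. a symlink
    # inside the root pointing outward), the canonical path must stay under root.
    if candidate != root and not candidate.startswith(root + os.sep):
        raise TraversalRejected("resolved outside the export root: %r" % requested)
    return candidate


def classify(base, requested):
    """Non-raising wrapper: ('allowed', canonical_path) or ('rejected', reason)."""
    try:
        return "allowed", resolve_safe(base, requested)
    except TraversalRejected as exc:
        return "rejected", str(exc)


if __name__ == "__main__":
    for req in ("2026-04/app.log", "../../../../etc/passwd",
                "%2e%2e/%2e%2e/%2e%2e/%2e%2e/etc/passwd", "/etc/passwd", "logs%00.txt"):
        print("%-42s unsafe=%-38s safe=%s" % (req, resolve_unsafe(EXPORT_ROOT, req),
                                            classify(EXPORT_ROOT, req)))
```

Two design points matter in practice. Decode exactly once: if the web framework has already percent-decoded the path and the handler decodes again, `%252e%252e` becomes `..` after the second pass and the lexical check is bypassed. And keep the `realpath` containment check even though the lexical filter looks sufficient, because a symlink placed inside the root (by a different bug, or by an operator) points outward without any `..` ever appearing in the request.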

CrowdStrike's advisory recommends immediate upgrades to patched versions for LogScale self-hosted customers. For LogScale SaaS customers, the vendor deployed network-layer blocks across all clusters on April 7, 2026, mitigating the issue. Details are available at https://www.crowdstrike.com/en-us/security-advisories/cve-2026-40050/.

CrowdStrike discovered the vulnerability through ongoing product testing and, after proactive log review, found no evidence of real-world exploitation. The CVE was published on April 21, 2026.

Vulnerability details

CrowdStrike has released security updates to address a critical unauthenticated path traversal vulnerability (CVE-2026-40050) in LogScale. This vulnerability only requires mitigation by customers that host specific versions of LogScale and does not affect Next-Gen SIEM customers. The vulnerability exists in a specific cluster API endpoint that, if exposed, allows a remote attacker to read arbitrary files from the server filesystem without authentication. Next-Gen SIEM customers are not affected and do not need to take any action. CrowdStrike mitigated the vulnerability for LogScale SaaS customers by deploying network-layer blocks to all clusters on April 7, 2026. We have proactively reviewed all log data and there is no evidence of exploitation. LogScale Self-hosted customers should upgrade to a patched version immediately to remediate the vulnerability. CrowdStrike identified this vulnerability during continuous and ongoing product testing.

CWE(s)

CWE-22 (Improper Limitation of a Pathname to a Restricted Directory, 'Path Traversal') and CWE-306 (Missing Authentication for Critical Function)

Related Threats

MITRE ATT&CK Enterprise Techniques

T1190 Exploit Public-Facing Application Initial Access
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
T1005 Data from Local System Collection
Adversaries may search local system sources, such as file systems, configuration files, local databases, virtual machine files, or process memory, to find files of interest and sensitive data prior to Exfiltration.
Why these techniques?

The unauthenticated path traversal sits in a cluster API endpoint reachable from the network, so the first step is exploitation of a public-facing application (T1190); a successful request returns arbitrary files from the server filesystem, which is collection of data from the local system (T1005).

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0
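For the detection side of these two techniques, below is an added example (not from the advisory or the vendor) that hunts for traversal attempts in web-server access logs in front of an API endpoint. The log lines, source addresses and the `/api/v1/files/` endpoint name are constructed for the demo; the advisory does not name the real endpoint. The scanner percent-decodes each request target until it is stable (so double-encoded `%252e%252e` is caught), matches on whole `..` path segments rather than substrings (so a file called `..report.csv` is not flagged), and separates attempts (T1190) from responses that look like a successful read (T1005) by status code and body size.

```python
"""Hunt for traversal attempts against an exposed API endpoint in web access logs.
Added detection example; the endpoint path, hosts and log lines are constructed."""
import re
from collections import defaultdict
from urllib.parse import unquote

# Constructed combined-format lines. '/api/v1/files/' is an assumed endpoint name,
# not the real LogScale path, which the advisory does not name.
SAMPLE_LOG = """\
203.0.113.7 - - [21/Apr/2026:10:01:02 +0000] "GET /api/v1/files/2026-04/app.log HTTP/1.1" 200 5120 "-" "curl/8.5.0"
203.0.113.7 - - [21/Apr/2026:10:01:09 +0000] "GET /api/v1/files/../../../../etc/passwd HTTP/1.1" 200 2048 "-" "curl/8.5.0"
198.51.100.23 - - [21/Apr/2026:10:02:14 +0000] "GET /api/v1/files/%2e%2e%2f%2e%2e%2fetc%2fshadow HTTP/1.1" 403 0 "-" "python-requests/2.31"
198.51.100.23 - - [21/Apr/2026:10:02:15 +0000] "GET /api/v1/files/%252e%252e%252f%252e%252e%252fetc%252fpasswd HTTP/1.1" 200 1024 "-" "python-requests/2.31"
192.0.2.99 - - [21/Apr/2026:10:03:00 +0000] "GET /api/v1/files/reports/..report.csv HTTP/1.1" 200 300 "-" "Mozilla/5.0"
"""

LINE_RE = re.compile(
    r'^(?P<src>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) (?P<size>\S+)'
)


def decode_fully(s, max_rounds=3):
    """Percent-decode until stable so double-encoded '%252e' is seen as '.'."""
    for _ in range(max_rounds):
        d = unquote(s)
        if d == s:
            break
        s = d
    return s


def has_traversal(target):
    """True when any path segment of the decoded request target is '..'.
    Segment-based matching avoids flagging legitimate names like '..report.csv'."""
    path = decode_fully(target.split("?", 1)[0])
    return ".." in re.split(r"[/\\]", path)


def scan(log_text):
    """Return one finding per traversal attempt, noting whether the response
    looks like a successful read (2xx with a non-empty body, a T1005 signal)."""
    findings = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m or not has_traversal(m["target"]):
            continue
        status, size = int(m["status"]), m["size"]
        findings.append({
            "src": m["src"],
            "ts": m["ts"],
            "target": m["target"],
            "status": status,
            "likely_success": 200 <= status < 300 and size.isdigit() and int(size) > 0,
        })
    return findings


def summarize(findings):
    """Per-source counts: every attempt is a T1190 signal, successes add T1005."""
    summary = defaultdict(lambda: {"attempts": 0, "successes": 0})
    for f in findings:
        summary[f["src"]]["attempts"] += 1
        summary[f["src"]]["successes"] += int(f["likely_success"])
    return dict(summary)


if __name__ == "__main__":
    for src, counts in summarize(scan(SAMPLE_LOG)).items():
        print(src, counts)
```

Run against real logs, a 2xx with a body on a traversal-shaped request is the line to escalate; a 403 or 404 on the same pattern is reconnaissance worth correlating by source but not by itself evidence of a read. Because CrowdStrike's own conclusion of no exploitation rests on log review, self-hosted operators who want the same assurance need their access logs to cover the full exposure window, not just the days after the advisory.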

CVEs Like This One

CVE-2025-25224 (shared CWE-306)
CVE-2025-26753 (shared CWE-22)
CVE-2026-23939 (shared CWE-22)
CVE-2025-69411 (shared CWE-22)
CVE-2025-25997 (shared CWE-22)
CVE-2025-27837 (shared CWE-22)
CVE-2025-68902 (shared CWE-22)
CVE-2026-3405 (shared CWE-22)
CVE-2024-54909 (shared CWE-22)
CVE-2026-39352 (shared CWE-22)

Affected Assets

CrowdStrike LogScale, self-hosted (specific versions; see the vendor advisory). Next-Gen SIEM and LogScale SaaS clusters are not affected after the vendor's network-layer blocks.
Inferred from the references and description, since NVD had not filed a CPE for this CVE.

Mitigating Controls (NIST 800-53 r5)

SI-2 Flaw Remediation (prevent)

SI-2 requires timely remediation of flaws such as this unauthenticated path traversal through patching; for self-hosted LogScale the vendor's recommended remediation is an immediate upgrade to a patched version.

SI-10 Information Input Validation (prevent)

SI-10 mandates validation of the client-supplied path handled by the cluster API endpoint (decoding it once, rejecting parent-directory segments and absolute paths, and checking that the canonical path remains inside the intended directory) so that a path traversal request cannot reach arbitrary files.

SC-7 Boundary Protection (prevent)

SC-7 enforces boundary protection to block network access to the vulnerable API endpoint, mirroring the network-layer blocks CrowdStrike deployed across its SaaS clusters. For self-hosted clusters this is a compensating control that buys time until the patch is applied, not a replacement for it.

References

CrowdStrike security advisory for CVE-2026-40050: https://www.crowdstrike.com/en-us/security-advisories/cve-2026-40050/