Latest CrowdStrike LogScale vulnerability: CVE-2026-40050
CrowdStrike disclosed that certain versions of self-hosted LogScale are susceptible to an unauthenticated path traversal vulnerability. A remote, unauthenticated attacker could exploit a specific, exposed cluster API endpoint to read arbitrary files from the server filesystem. This vulnerability has been designated CVE-2026-40050 and has been rated critical with a CVSS score of 9.1. This vulnerability does not affect Next-Gen SIEM customers.
The following versions are affected:
- LogScale Self-Hosted (GA): Versions 1.224.0 through 1.234.0 (inclusive)
- LogScale Self-Hosted (LTS): Version 1.228.0 and 1.228.1
What is CrowdStrike Falcon LogScale?
CrowdStrike Falcon LogScale (formerly Humio) is a log management and observability platform that ingests, stores, and enables real-time search of large-volume streaming data using an index-free architecture.
What is the impact?
Successful exploitation of this vulnerability allows a remote, unauthenticated adversary to read arbitrary files on the vulnerable host. As with any path traversal, the reach is bounded by the privileges of the LogScale service process: any file that account can read, including LogScale's own configuration and any credentials stored on disk, is exposed without authentication.
Are updates or workarounds available?
Users are encouraged to upgrade affected systems to the following versions immediately. No workaround is listed; because the flaw is reachable without authentication, limit network access to the LogScale cluster API to trusted hosts until the upgrade is applied.
- LogScale 1.228.x: Upgrade to 1.228.2 (LTS) or later.
- LogScale 1.224.0 through 1.234.0: Upgrade to 1.233.1, 1.234.1, 1.235.1, or later.
How to find potentially vulnerable systems with runZero
From the Service inventory, use the following query to locate assets whose HTTP Server header identifies them as LogScale (still reported under the Humio name):
_asset.protocol:http AND protocol:http AND (http.head.server:="Humio-%" OR last.http.head.server:="Humio-%")
This query fingerprints LogScale by its Server header; it does not return the running version and will continue to match hosts after they are patched. Confirm each hit against the affected version ranges above before treating it as vulnerable.
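The following script is an added example, not code from runZero or CrowdStrike. It ties the two previous sections together: it applies the same Server-header test as the runZero query to an asset inventory, then checks each hit's version against the affected and patched releases stated in this advisory and names the upgrade target. The record fields (host, server_header, version) and the sample records are constructed for illustration and are not runZero fields or real scan output; the "Humio-sample" header value is a placeholder that merely satisfies the "Humio-" prefix.

```python
"""Triage helper for CVE-2026-40050 in self-hosted CrowdStrike Falcon LogScale.

Added example, not code from runZero or CrowdStrike. It encodes the affected
and patched version ranges stated in the advisory above and applies them to an
asset inventory. The record fields (host, server_header, version) and the
sample records are constructed for illustration; they are not runZero fields
or real scan output.
"""
from __future__ import annotations

# Affected range from the advisory: GA 1.224.0 through 1.234.0 inclusive.
# The LTS builds 1.228.0 and 1.228.1 fall inside this range.
AFFECTED_MIN = (1, 224, 0)
AFFECTED_MAX = (1, 234, 0)

# Patched releases named in the advisory, keyed by minor line. A version at or
# above the patched release of its own line is treated as fixed.
FIXED = {228: (1, 228, 2), 233: (1, 233, 1), 234: (1, 234, 1), 235: (1, 235, 1)}


def parse_version(text: str) -> tuple[int, int, int]:
    """Parse 'MAJOR.MINOR.PATCH' into a tuple that compares numerically."""
    parts = text.strip().split(".")
    if len(parts) != 3 or not all(p.isdigit() for p in parts):
        raise ValueError(f"unrecognised LogScale version: {text!r}")
    major, minor, patch = (int(p) for p in parts)
    return (major, minor, patch)


def is_affected(version: str) -> bool:
    """True if the version is in the affected range and below its line's patch.

    Assumption: versions outside the stated range (for example 1.235.0) are
    treated as not affected; check the vendor advisory for anything unlisted.
    """
    v = parse_version(version)
    if not (AFFECTED_MIN <= v <= AFFECTED_MAX):
        return False
    patched = FIXED.get(v[1])
    return patched is None or v < patched


def upgrade_target(version: str) -> str | None:
    """Nearest patched release for an affected version, or None if not affected.

    1.228.x installs stay on the LTS line (1.228.2); other GA installs move to
    the first patched GA release at or above their current minor line.
    """
    if not is_affected(version):
        return None
    minor = parse_version(version)[1]
    if minor == 228:
        return "1.228.2"
    for fixed_minor in sorted(FIXED):
        if fixed_minor != 228 and fixed_minor >= minor:
            return "%d.%d.%d" % FIXED[fixed_minor]
    return None  # unreachable while 1.235.1 is in FIXED


def looks_like_logscale(server_header: str | None) -> bool:
    """Same test as the runZero query: HTTP Server header starting 'Humio-'."""
    return bool(server_header) and server_header.startswith("Humio-")


def triage(inventory: list[dict]) -> list[tuple[str, str | None, str]]:
    """Return (host, version, action) for LogScale hosts that need attention.

    Hosts with an unknown version are reported for manual verification rather
    than silently dropped, because the Server header alone does not prove
    whether a host is patched.
    """
    findings = []
    for rec in inventory:
        if not looks_like_logscale(rec.get("server_header")):
            continue
        version = rec.get("version")
        if version is None:
            findings.append((rec["host"], None, "version unknown: verify manually"))
            continue
        target = upgrade_target(version)
        if target is not None:
            findings.append((rec["host"], version, f"upgrade to {target}"))
    return findings


# Constructed sample inventory; the Server header value is a placeholder that
# merely satisfies the 'Humio-' prefix and is not the product's real header.
SAMPLE_INVENTORY = [
    {"host": "logscale-01.example.internal", "server_header": "Humio-sample", "version": "1.230.4"},
    {"host": "logscale-lts.example.internal", "server_header": "Humio-sample", "version": "1.228.1"},
    {"host": "logscale-02.example.internal", "server_header": "Humio-sample", "version": "1.234.1"},
    {"host": "logscale-03.example.internal", "server_header": "Humio-sample", "version": None},
    {"host": "web-01.example.internal", "server_header": "nginx", "version": None},
]

if __name__ == "__main__":
    for host, version, action in triage(SAMPLE_INVENTORY):
        print(f"{host}\t{version or '-'}\t{action}")
```

Note the ordering trap the version check has to get right: 1.228.2 and 1.233.1 both sit numerically inside the 1.224.0 to 1.234.0 range, so a plain range comparison would flag patched LTS and GA hosts as vulnerable; the check therefore compares against the patched release of the host's own minor line before reporting it.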