Critical CrowdStrike LogScale vulnerability disclosed

CrowdStrike disclosed a critical path traversal flaw in its LogScale software that allows attackers to read arbitrary files from server filesystems.

Sources: 1 verified
Updated: Monday, 27 April 2026 at 05:00 UTC

CrowdStrike has disclosed CVE-2026-40050, a critical unauthenticated path traversal vulnerability affecting self-hosted deployments of LogScale. The flaw, discovered through internal testing, allows remote attackers to read arbitrary files from the server's filesystem via a specific cluster API endpoint. SaaS customers were protected by network-layer mitigations on April 7; self-hosted customers require immediate patching. No active exploitation has been observed, but defensive platforms such as this are high-value targets, because compromising one can undermine detection and enable lateral movement.