CrowdStrike LogScale Critical Arbitrary File Read Vulnerability Resolved

Summary

Italy's CSIRT published Alert AL03/260423/CSIRT-ITA on 23 April 2026 disclosing a critical arbitrary file read vulnerability (CVE-2026-40050) in CrowdStrike LogScale Self-Hosted. The flaw could allow an unauthenticated remote attacker to read arbitrary files from the server filesystem. Affected versions span LogScale GA 1.224.0 through 1.233.0, LogScale Self-Hosted 1.234.x prior to 1.234.1, and LogScale Self-Hosted LTS 1.228.x up to 1.228.1. CrowdStrike has released a patch; the vendor's security advisory is linked in the references. System impact is rated as High (66.41). Organizations running any affected version should update immediately to the patched release per the vendor bulletin.

“This vulnerability, if exploited, could allow an unauthenticated malicious user to read arbitrary files from the server's filesystem.”

Why this matters

Organizations running LogScale Self-Hosted should cross-reference their deployment inventory against the three version ranges identified in the alert. Any instance falling within the affected ranges should be patched before any network exposure assessment is complete — the arbitrary file read vulnerability is remotely exploitable by an unauthenticated actor, meaning no credentials are required to mount an attack once the vulnerable instance is network-reachable.
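One way to run that cross-reference, as an added example (not code from CSIRT-ITA, CrowdStrike or GovPing). The inventory layout, the `track` field ("ga" or "lts"), the hostnames and the `major.minor.patch` version format are assumptions. The track is needed because the LTS 1.228.x line sits numerically inside the GA range.

```python
import re

# Affected ranges as listed in alert AL03/260423/CSIRT-ITA (CVE-2026-40050).
GA_FIRST, GA_LAST = (1, 224, 0), (1, 233, 0)  # GA releases, both ends inclusive
GA_234_FIXED = (1, 234, 1)                    # 1.234.x before this is affected
LTS_LAST_AFFECTED = (1, 228, 1)               # LTS 1.228.x, this and earlier

_VERSION = re.compile(r"^\s*v?(\d+)\.(\d+)\.(\d+)")

def parse_version(text):
    """Parse 'major.minor.patch' (any build suffix is ignored) into a tuple."""
    match = _VERSION.match(text)
    if not match:
        raise ValueError(f"unparseable version {text!r}")
    return tuple(int(part) for part in match.groups())

def is_affected(version, track):
    """True if the version falls inside a range the alert lists for its track."""
    v = parse_version(version)
    if track == "lts":
        return v[:2] == (1, 228) and v <= LTS_LAST_AFFECTED
    if track == "ga":
        in_ga_range = GA_FIRST <= v <= GA_LAST
        in_234_line = v[:2] == (1, 234) and v < GA_234_FIXED
        return in_ga_range or in_234_line
    raise ValueError(f"unknown release track {track!r}")

def triage(inventory):
    """Return (host, version, status); bad records go to manual review."""
    results = []
    for host, version, track in inventory:
        try:
            hit = is_affected(version, track)
            status = "AFFECTED" if hit else "not in listed ranges"
        except ValueError as exc:
            status = f"REVIEW MANUALLY ({exc})"
        results.append((host, version, status))
    return results

# Constructed sample inventory (hypothetical hosts, not real deployments).
SAMPLE = [
    ("logscale-01.example.internal", "1.230.2", "ga"),
    ("logscale-02.example.internal", "1.234.0", "ga"),
    ("logscale-03.example.internal", "1.234.1", "ga"),
    ("logscale-04.example.internal", "1.228.1", "lts"),
    ("logscale-05.example.internal", "1.228.2", "lts"),
    ("logscale-06.example.internal", "unknown", "ga"),
]

if __name__ == "__main__":
    for host, version, status in triage(SAMPLE):
        print(f"{host:32} {version:10} {status}")
```

A record whose version or track cannot be parsed is flagged for manual review instead of being reported as unaffected.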

AI-drafted from the source document, validated against GovPing's analyst note standards. For the primary regulatory language, read the source document.
Published by CSIRT-ITA on acn.gov.it. Detected, standardized, and enriched by GovPing.

What changed

Italy's national Computer Security Incident Response Team (CSIRT-ITA) issued an alert on 23 April 2026 notifying that CrowdStrike has resolved a critical arbitrary file read vulnerability in its LogScale Self-Hosted platform. The flaw, catalogued as CVE-2026-40050, carries a critical severity rating and could enable an unauthenticated remote attacker to access arbitrary files on the affected server filesystem. The alert covers three affected version ranges: LogScale GA releases from 1.224.0 through 1.233.0 (inclusive), LogScale Self-Hosted 1.234.x prior to version 1.234.1, and LogScale Self-Hosted LTS 1.228.x up to and including 1.228.1. CrowdStrike has published a corresponding security advisory and patched the vulnerability.

Organizations that operate LogScale Self-Hosted instances should identify their current version and update without delay to a patched release as directed by the CrowdStrike security bulletin. Failure to patch leaves the server vulnerable to unauthenticated remote file access, which could expose configuration files, credentials, or other sensitive data stored on the system. Given the High (66.41) system impact rating assigned by CSIRT-ITA, this vulnerability should be treated as a priority remediation item for any Italian public-sector entity or regulated industry running affected LogScale deployments.

What to do next

  1. Update vulnerable LogScale Self-Hosted installations to the patched version as specified in the CrowdStrike security bulletin

Archived snapshot

Apr 25, 2026

GovPing captured this document from the original source. If the source has since changed or been removed, this is the text as it existed at that time.


CrowdStrike: vulnerability resolved in LogScale

**Alert**

AL03/260423/CSIRT-ITA

Summary

A security update resolves a vulnerability of “critical” severity in CrowdStrike LogScale. This vulnerability, if exploited, could allow an unauthenticated malicious user to read arbitrary files from the server's filesystem.

Type

  • Arbitrary File Read

Affected products and/or versions

  • LogScale Self-Hosted: GA versions from 1.224.0 to 1.233.0 (inclusive)
  • LogScale Self-Hosted 1.234.x: GA versions prior to 1.234.1
  • LogScale Self-Hosted LTS 1.228.x: version 1.228.1 and earlier

Mitigation actions

In line with the vendor's statements, it is recommended to update the vulnerable products following the guidance in the security bulletin listed in the References section.

CVE (1)

| CVE | POC | EXPLOITATION |
| --- | --- | --- |
| CVE-2026-40050 | - | - |

References (1)

  1. https://www.crowdstrike.com/en-us/security-advisories/cve-2026-40050/

Change log

| Version | Notes | Date |
| --- | --- | --- |
| 1.0 | Published on 23-04-2026 | 23/04/2026 |

Systemic impact

High (66.41)

Publication date

23/04/26 at 13:12

Last update date

23/04/26 at 13:12

Named provisions

Arbitrary File Read CVE-2026-40050

About this page

What's from the agency?

Source document text, dates, docket IDs, and authority are extracted directly from CSIRT-ITA.

What's AI-generated?

The summary, classification, recommended actions, deadlines, and penalty information are AI-generated from the original text and may contain errors. Always verify against the source document.

Classification

  • Agency: CSIRT-ITA
  • Published: April 23rd, 2026
  • Instrument: Notice
  • Branch: Executive
  • Source language: it
  • Legal weight: Non-binding
  • Stage: Final
  • Change scope: Substantive
  • Document ID: AL03/260423/CSIRT-ITA

Who this affects

  • Applies to: Technology companies, Government agencies
  • Industry sector: 5112 Software & Technology
  • Activity scope: Vulnerability remediation, Software patching, Server security
  • Geographic scope: IT

Taxonomy

  • Primary area: Cybersecurity
  • Operational domain: IT Security
  • Compliance frameworks: NIST CSF
  • Topics: Data Privacy
