CVE-2026-40584
RansomLook - Improper Filtering of Private Location Entries in API Endpoints Leads to Information Exposure
CVSS Score
0.0
EPSS Score
0.0%
EPSS Percentile
0th
RansomLook is a tool to monitor Ransomware groups and markets and extract their victims. Prior to 1.9.0, the API in the affected application improperly filters private location entries in website/web/api/genericapi.py. Because the code removes elements from a list while iterating over it, entries marked as private may be unintentionally retained in API responses, allowing unauthorized disclosure of non-public location information. This vulnerability is fixed in 1.9.0.
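The remove-while-iterating flaw described above can be reproduced in a few lines. This is an added example, not code from RansomLook's genericapi.py: the record layout and the field names `locations`, `private` and `fqdn` are assumptions, the sample data is constructed, and the fixed variant shows one safe pattern rather than the actual change shipped in 1.9.0.

```python
import copy

# Constructed sample record; the field names "locations", "private" and "fqdn"
# are assumptions for illustration, not taken from RansomLook's code.
SAMPLE_GROUP = {
    "name": "examplegroup",
    "locations": [
        {"fqdn": "public-1.example", "private": False},
        {"fqdn": "hidden-1.example", "private": True},
        {"fqdn": "hidden-2.example", "private": True},
        {"fqdn": "public-2.example", "private": False},
        {"fqdn": "hidden-3.example", "private": True},
    ],
}


def filter_private_buggy(group):
    """Flawed pattern: mutate the list that the for loop is walking."""
    group = copy.deepcopy(group)
    for location in group["locations"]:
        if location.get("private"):
            # remove() shifts later items left, so the loop's internal index
            # skips the element that slides into the freed slot.
            group["locations"].remove(location)
    return group


def filter_private_fixed(group):
    """Safe pattern: build a new list and leave the input untouched."""
    cleaned = dict(group)
    cleaned["locations"] = [
        loc for loc in group["locations"] if not loc.get("private")
    ]
    return cleaned


def leaked_private(group):
    """Return the FQDNs of private entries still present in a response."""
    return [loc["fqdn"] for loc in group["locations"] if loc.get("private")]


if __name__ == "__main__":
    print("buggy leaks:", leaked_private(filter_private_buggy(SAMPLE_GROUP)))
    print("fixed leaks:", leaked_private(filter_private_fixed(SAMPLE_GROUP)))
```

The leak only appears when two private entries sit next to each other, so a regression test for this class of bug needs adjacent private entries in its fixture.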
| CWE | CWE-200 |
| Vendor | ransomlook |
| Product | ransomlook |
| Published | Apr 21, 2026 |
| Last Updated | Apr 21, 2026 |
Affected Versions
RansomLook / RansomLook
< 1.9.0