Improper API Filtering in RansomLook by RansomLook
CVE-2026-40584

6.9MEDIUM

Key Information:

Vendor: Ransomlook
Status: Ransomlook
Vendor: CVE Published:; 21 April 2026

What is CVE-2026-40584?

RansomLook, a tool designed to monitor Ransomware groups and markets, contains a vulnerability in its API related to improper filtering of private location information. Prior to the release of version 1.9.0, the application mishandled data by not properly removing private entries from a list during iteration, potentially leading to unauthorized access to non-public location data. This flaw raises significant concerns regarding user privacy and data security, highlighting the importance of applying the latest updates to mitigate such risks.

Affected Version(s)

RansomLook < 1.9.0

References

https://github.com/RansomLook/RansomLook/security/advisor...

x_refsource_CONFIRM

https://vulnerability.circl.lu/vuln/gcve-1-2026-0025

x_refsource_MISC

CVSS V4

Score:

6.9

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

None

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Apr 21, 2026
Vulnerability Reserved
Apr 14, 2026

CVE-2026-40584 Data

JSON

Ransomlook

What is CVE-2026-40584?

Affected Version(s)

References

CVSS V4

Timeline