Skip to main content

RansomLook CVE-2026-40584

| EUVDEUVD-2026-24180 MEDIUM
Information Exposure (CWE-200)
2026-04-21 security-advisories@github.com
6.9
CVSS 4.0 · GitHub Advisory
Share

Severity by source

GitHub Advisory PRIMARY
6.9 MEDIUM
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Primary rating from GitHub Advisory · only source for this CVE.

CVSS VectorGitHub Advisory

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
X

Lifecycle Timeline

6
Patch released
Apr 27, 2026 - 19:47 nvd
Patch available
Patch available
Apr 21, 2026 - 19:01 EUVD
Analysis Generated
Apr 21, 2026 - 17:38 vuln.today
EUVD ID Assigned
Apr 21, 2026 - 17:22 euvd
EUVD-2026-24180
Analysis Generated
Apr 21, 2026 - 17:22 vuln.today
CVE Published
Apr 21, 2026 - 17:16 nvd
MEDIUM 6.9

DescriptionGitHub Advisory

RansomLook is a tool to monitor Ransomware groups and markets and extract their victims. Prior to 1.9.0, the API in the affected application improperly filters private location entries in website/web/api/genericapi.py. Because the code removes elements from a list while iterating over it, entries marked as private may be unintentionally retained in API responses, allowing unauthorized disclosure of non-public location information. This vulnerability is fixed in 1.9.0.

AnalysisAI

RansomLook versions prior to 1.9.0 disclose non-public location information through an improper list-filtering logic error in the API layer. The vulnerability stems from removing elements from a list during iteration in website/web/api/genericapi.py, causing entries marked as private to persist in API responses. Unauthenticated remote attackers can retrieve sensitive location data that should remain hidden, with CVSS 6.9 indicating low confidentiality impact across the network.

Technical ContextAI

RansomLook's API endpoint responsible for location data filtering contains a classic concurrent modification vulnerability. The code iterates over a list of location entries while removing elements that should be marked as private, which causes the iterator to skip elements or retain unprocessed entries depending on the iteration method. This is a common programming error in Python where removing items from a list during iteration (via list.remove() within a for loop) causes elements to be skipped. The flaw affects the genericapi.py module, which serves API responses to web clients. CWE-200 (Exposure of Sensitive Information to an Unauthorized Actor) describes the root cause: the API fails to properly gate access to or filter sensitive data before transmission.

RemediationAI

Upgrade RansomLook to version 1.9.0 or later to apply the vendor-released patch that corrects the list-filtering logic in genericapi.py. Organizations running versions prior to 1.9.0 should prioritize this upgrade to prevent unauthorized disclosure of location data. If immediate patching is not feasible, implement network-level access controls to restrict API endpoint exposure to trusted internal networks only, or disable public API access until the patch can be deployed. Note that restricting API access may impact legitimate monitoring use cases, so evaluate the trade-off against your operational requirements. No workarounds exist short of API restriction, as the vulnerability is intrinsic to the filtering logic and cannot be mitigated through configuration.

Share

CVE-2026-40584 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy