CVE-2026-40584
Status: Received - Intake
Improper Filtering in RansomLook API Causes Data Exposure

Publication date: 2026-04-21

Last updated on: 2026-04-27

Assigner: GitHub, Inc.

Description
RansomLook is a tool to monitor Ransomware groups and markets and extract their victims. Prior to 1.9.0, the API in the affected application improperly filters private location entries in website/web/api/genericapi.py. Because the code removes elements from a list while iterating over it, entries marked as private may be unintentionally retained in API responses, allowing unauthorized disclosure of non-public location information. This vulnerability is fixed in 1.9.0.
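The mechanism is the classic remove-while-iterating bug: list.remove() shifts every later element one slot to the left, so the iterator's next index skips the element that moved into the removed slot, and two adjacent private entries leave the second one in the output. The following Python is an added illustration and not RansomLook's own code; the entry shape (dicts with "slug" and "private" keys), the sample data and the function names are assumptions made for the example. It contrasts the flawed filter with a correct one and includes a small check that reports which private entries survived.

```python
"""Remove-while-iterating filter bug vs. a correct filter.

Added example for CVE-2026-40584; not RansomLook code. Entry shape,
function names and sample data are assumptions for illustration.
"""
from copy import deepcopy


def filter_private_buggy(locations):
    """Flawed filter: removes entries from the list being iterated.

    list.remove() shifts later elements left, so the for-loop's next index
    skips the element that moved into the removed slot. A private entry that
    directly follows another private entry is therefore never examined.
    """
    locs = deepcopy(locations)          # copy so the caller's data is untouched
    for loc in locs:
        if loc.get("private"):
            locs.remove(loc)
    return locs


def filter_private_fixed(locations):
    """Correct filter: build a new list instead of mutating during iteration."""
    return [loc for loc in locations if not loc.get("private")]


def leaked_private(response_locations):
    """Detection helper: slugs of entries still flagged private in a response."""
    return [loc["slug"] for loc in response_locations if loc.get("private")]


# Constructed sample data (not real RansomLook entries). Adjacent private
# entries are the case the buggy loop mishandles.
SAMPLE_LOCATIONS = [
    {"slug": "loc-a", "private": False},
    {"slug": "loc-b", "private": True},
    {"slug": "loc-c", "private": True},   # skipped by the buggy loop
    {"slug": "loc-d", "private": False},
    {"slug": "loc-e", "private": True},
    {"slug": "loc-f", "private": True},   # skipped by the buggy loop
    {"slug": "loc-g", "private": True},
]


if __name__ == "__main__":
    buggy = filter_private_buggy(SAMPLE_LOCATIONS)
    fixed = filter_private_fixed(SAMPLE_LOCATIONS)
    print("buggy output :", [l["slug"] for l in buggy])   # ['loc-a', 'loc-c', 'loc-d', 'loc-f']
    print("leaked       :", leaked_private(buggy))        # ['loc-c', 'loc-f']
    print("fixed output :", [l["slug"] for l in fixed])   # ['loc-a', 'loc-d']
```

Running the block shows that the buggy filter retains loc-c and loc-f, exactly the entries that follow another private entry, while the list-comprehension version removes all five private entries. The same "build a new list" pattern (or iterating over a copy) is the general fix for any in-place removal during iteration.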
Meta Information
Generated: 2026-05-07
AI Q&A generated: 2026-04-21
EPSS evaluated: 2026-05-05
Affected Vendors & Products
Showing 1 associated CPE
Vendor: ransomlook
Product: ransomlook
Version / Range: all versions before 1.9.0 (1.9.0 itself excluded)
CWE
CWE-200: The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.
AI Powered Q&A
How can this vulnerability impact me?

This vulnerability can lead to unauthorized disclosure of private location data through the RansomLook API.

Because the filtering is flawed, location entries marked private may be returned to any client that can query the affected API endpoints; the advisory describes no authentication or user-interaction requirement for reaching them.

The impact is on confidentiality only. The CVSS score cited for it, 6.9, is a medium (not low) rating: sensitive information can leak, but there is no impact on system integrity or availability.


Can you explain this vulnerability to me?

CVE-2026-40584 is an information exposure vulnerability in the RansomLook application that affects versions prior to 1.9.0.

The issue arises because the API improperly filters private location entries in the file website/web/api/genericapi.py. Specifically, the code removes elements from a list while iterating over it. Removing an element shifts the remaining elements left, so the element that moves into the freed position is skipped by the iteration; a private entry that directly follows another private entry is never examined and remains in the API response.

As a result, unauthorized users can access non-public location information that should have been filtered out.


How can this vulnerability be detected on my network or system? Can you suggest some commands?

This vulnerability involves improper filtering of private location entries in RansomLook API responses, which may lead to unauthorized disclosure of non-public location information.

The simplest check is the deployed version: every RansomLook installation below 1.9.0 is affected, so confirm the version of your checkout (for example from its git tag or release) rather than relying on response inspection alone.

Since the issue is in the API code in website/web/api/genericapi.py, you can also query the endpoints that return location data and inspect the responses for entries that should have been filtered out. The advisory names the file but not a specific route, so substitute the endpoint your deployment exposes:

  • Use curl or a similar HTTP client to query the endpoint and save the response, for example:
  • curl -sS https://<ransomlook-server>/<location-endpoint> -o response.json
  • Inspect the JSON response for location entries that carry a private marker, or that match locations you know are private on the server side. Because the bug skips the entry that follows a removed one, a leak is most likely where several private entries are stored consecutively.
  • Network capture with Wireshark or tcpdump only helps where the traffic is visible in plaintext (behind TLS termination on the server, or with the session keys available); if you can query the API directly, capturing adds nothing over inspecting the response.

How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?

This vulnerability allows unauthorized disclosure of non-public location information due to improper filtering in the RansomLook API. Such unintended exposure of private data could potentially lead to non-compliance with data protection regulations like GDPR or HIPAA, which require safeguarding of personal and sensitive information against unauthorized access.

However, the provided information does not explicitly mention any direct impact or assessment related to compliance with specific standards or regulations.


What immediate steps should I take to mitigate this vulnerability?

The vulnerability is fixed in RansomLook version 1.9.0. The immediate mitigation step is to upgrade your RansomLook installation to version 1.9.0 or later.

If upgrading immediately is not possible, consider restricting access to the affected API endpoints to trusted users only, to prevent unauthorized access to private location data.

Additionally, monitor API responses for leakage of private information and apply network-level controls such as firewall rules to limit exposure.

