Compliance Impact

This vulnerability allows unauthorized disclosure of non-public location information due to improper filtering in the RansomLook API. Such unintended exposure of private data could potentially lead to non-compliance with data protection regulations like GDPR or HIPAA, which require safeguarding of personal and sensitive information against unauthorized access.

However, the provided information does not explicitly mention any direct impact or assessment related to compliance with specific standards or regulations.

Useful 0 Not Useful 0

Executive Summary

CVE-2026-40584 is an information exposure vulnerability in the RansomLook application that affects versions prior to 1.9.0.

The issue arises because the API improperly filters private location entries in the file website/web/api/genericapi.py. Specifically, the code removes elements from a list while iterating over it, which causes some private entries to remain in the API responses unintentionally.

As a result, unauthorized users can access non-public location information that should have been filtered out.

Useful 0 Not Useful 0

Impact Analysis

This vulnerability can lead to unauthorized disclosure of private location data through the RansomLook API.

Because the filtering is flawed, sensitive non-public information may be exposed to anyone accessing the API without requiring authentication or user interaction.

The impact is primarily on confidentiality, with a low severity rating (CVSS 6.9), meaning that sensitive information leakage could occur but there is no impact on system integrity or availability.

Useful 0 Not Useful 0

Detection Guidance

This vulnerability involves improper filtering of private location entries in the RansomLook API responses, which may lead to unauthorized disclosure of non-public location information.

To detect this vulnerability on your system, you can monitor API responses from the affected RansomLook versions (prior to 1.9.0) for the presence of private location data that should have been filtered out.

Since the issue is in the API endpoint implemented in the file website/web/api/genericapi.py, you can perform requests to the API endpoints that return location data and inspect the responses for any private or sensitive location entries.

• Use curl or similar HTTP clients to query the API endpoints and check for private location data in the response, for example:
• curl -X GET https://<ransomlook-server>/api/genericapi/locations -v
• Inspect the JSON response for any entries that are marked as private but still included.
• You may also use network monitoring tools like Wireshark or tcpdump to capture API traffic and analyze responses for leakage of private location information.

Useful 0 Not Useful 0

Mitigation Strategies

The vulnerability is fixed in RansomLook version 1.9.0. The immediate mitigation step is to upgrade your RansomLook installation to version 1.9.0 or later.

If upgrading immediately is not possible, consider restricting access to the affected API endpoints to trusted users only, to prevent unauthorized access to private location data.

Additionally, monitor API responses for leakage of private information and apply network-level controls such as firewall rules to limit exposure.

Useful 0 Not Useful 0