Description
RansomLook is a tool to monitor Ransomware groups and markets and extract their victims. Prior to 1.9.0, the API in the affected application improperly filters private location entries in website/web/api/genericapi.py. Because the code removes elements from a list while iterating over it, entries marked as private may be unintentionally retained in API responses, allowing unauthorized disclosure of non-public location information. This vulnerability is fixed in 1.9.0.
Published: 2026-04-21
Score: 6.9 Medium
EPSS: n/a
KEV: No
Impact: Information Disclosure
Action: Upgrade
AI Analysis

Impact

The vulnerability stems from improper filtering of private location entries in the web API. When the list is modified while iterating, elements marked as private may remain in the response, exposing non‑public location data. This results in an information disclosure weakness (CWE‑200).

Affected Systems

The affected system is the RansomLook tool. All releases prior to version 1.9.0 are impacted. The defect was corrected in version 1.9.0, where the list‑modification logic that caused private entries to leak was removed.

Risk and Exploitability

With a CVSS score of 6.9, the vulnerability represents moderate severity. The exploitation vector is through the exposed API endpoints, which is inferred as a network‑based attack path. An attacker who can reach the API, without additional authentication, could retrieve private location data. The EPSS score is not available and the vulnerability is not listed in the CISA KEV catalog.

Generated by OpenCVE AI on April 21, 2026 at 22:34 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade RansomLook to version 1.9.0 or later to apply the vendor fix.
  • If an upgrade is not immediately possible, restrict access to the web API so that only trusted users or IP addresses can request location data.
  • Implement an additional filter in the API code to exclude entries marked as private before constructing the response payload.

Generated by OpenCVE AI on April 21, 2026 at 22:34 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Wed, 22 Apr 2026 00:00:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Tue, 21 Apr 2026 17:15:00 +0000

Type Values Removed Values Added
Description RansomLook is a tool to monitor Ransomware groups and markets and extract their victims. Prior to 1.9.0, the API in the affected application improperly filters private location entries in website/web/api/genericapi.py. Because the code removes elements from a list while iterating over it, entries marked as private may be unintentionally retained in API responses, allowing unauthorized disclosure of non-public location information. This vulnerability is fixed in 1.9.0.
Title RansomLook - Improper Filtering of Private Location Entries in API Endpoints Leads to Information Exposure
Weaknesses CWE-200
References
Metrics cvssV4_0

{'score': 6.9, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N'}

Subscriptions

No data.

cve-icon MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published:

Updated: 2026-04-21T17:29:55.759Z

Reserved: 2026-04-14T13:24:29.475Z

Link: CVE-2026-40584

cve-icon Vulnrichment

Updated: 2026-04-21T17:29:52.286Z

cve-icon NVD

Status : Received

Published: 2026-04-21T17:16:56.240

Modified: 2026-04-21T17:16:56.240

Link: CVE-2026-40584

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-04-21T22:45:16Z

Weaknesses