Information disclosure in RansomLook
CVE-2026-40584
RansomLook is a tool to monitor ransomware groups and markets and extract their victims. Prior to 1.9.0, the application's API improperly filters private location entries in website/web/api/genericapi.py. Because the code rem…
Vulnerability class: Information Disclosure
EPSS: 0.000 (14.8th percentile)
Affected products
- RansomLook — versions < 1.9.0
Weakness classification (CWE)
References
- https://github.com/RansomLook/RansomLook/security/advisories/GHSA-hv66-vcqc-v87c (x_refsource_CONFIRM)
- https://vulnerability.circl.lu/vuln/gcve-1-2026-0025 (x_refsource_MISC)