Security Advisories
This page lists security vulnerabilities that affected the RansomLeak platform. An advisory is published only after a fix is available and affected customers have been notified. Each advisory states the severity, the affected scope, and the resolution. RansomLeak is a multi-tenant SaaS: customers run no software of their own, so fixes are deployed centrally and no customer action is required unless an advisory says otherwise.
No advisories published to date
No security vulnerability affecting customer data or platform integrity has required a public advisory since launch. When one does, it will appear here with its severity, scope, and fix.
Current as of June 11, 2026.
Severity levels
- Critical: Customer data exposure or full access bypass. Fix target: 24 hours.
- High: Privilege escalation or single-tenant impact. Fix target: 72 hours.
- Medium: Limited impact requiring unusual preconditions.
- Low: Hardening findings with no practical exploit path.
How an advisory gets published
Disclosure is coordinated: a fix ships and affected customers hear from us before anything appears on this page.
1. Triage and validation: Reports are acknowledged within 3 business days and triaged for severity within 5.
2. Fix and verification: Critical issues are fixed on a 24-hour target, high severity within 72 hours. The fix is verified before rollout.
3. Customer notification: Tenant administrators of affected organizations are notified directly by email, with breach notification within 72 hours where GDPR Article 33 applies.
4. Public advisory: Once customers are protected and informed, the advisory is published here with credit to the reporter when they want it.
Report a vulnerability
We welcome reports from security researchers and act on every valid submission. There is no bug bounty at this time; researchers who want recognition are credited in the advisory.
Email: security@ransomleak.com
PGP and disclosure details are in our security.txt (RFC 9116).
Acknowledgment within 3 business days, triage within 5.