# TheGentlemen's Exploited Vulnerabilities
> [!NOTE]
> This is the list of vulnerabilities that have been observed during intrusions that lead to TheGentlemen ransomware deployment or data exfiltration and leaks published to TheGentlemen's Tor Site

### `Fortinet`
| Product | CVE(s) | Ransomware Group(s) | Source(s) |
|---|---|---|---|
| FortiOS & FortiProxy | CVE-2024-55591 | TheGentlemen | [checkpoint.com](https://research.checkpoint.com/2026/thus-spoke-the-gentlemen/) |

### `Cisco`
| Product | CVE(s) | Ransomware Group(s) | Source(s) |
|---|---|---|---|
| Erlang/OTP SSH server | CVE-2025-32433 | TheGentlemen | [checkpoint.com](https://research.checkpoint.com/2026/thus-spoke-the-gentlemen/) |

### `Windows`
| Product | CVE(s) | Ransomware Group(s) | Source(s) |
|---|---|---|---|
| SMB Client | CVE-2025-33073 | TheGentlemen | [checkpoint.com](https://research.checkpoint.com/2026/thus-spoke-the-gentlemen/) | 
| SmartScreen | CVE-2024-21412 | TheGentlemen | [ransom-isac.com](https://ransom-isac.com/blog/the-gentlemen-leak-analysis/) |
| Local Security Authority (LSA) | CVE-2021-36942 ("PetitPotam") | TheGentlemen | [kelacyber.com](https://www.kelacyber.com/blog/the-gentlemen-ransomware-internal-chat-leak-analysis-2026/) |
| NetLogon | CVE-2020-1472 ("ZeroLogon") | TheGentlemen | [checkpoint.com](https://research.checkpoint.com/2026/thus-spoke-the-gentlemen/) |

### `MS Server Products`
| Product | CVE(s) | Ransomware Group(s) | Source(s) |
|---|---|---|---|
| SMBv1 | CVE-2017-0144 ("EternalBlue") | TheGentlemen | [kelacyber.com](https://www.kelacyber.com/blog/the-gentlemen-ransomware-internal-chat-leak-analysis-2026/) |

---

#### Sources
| Date Published | Report |
|---|---|
| 13 May 2026 | https://research.checkpoint.com/2026/thus-spoke-the-gentlemen/ |
| 14 May 2026 | https://www.kelacyber.com/blog/the-gentlemen-ransomware-internal-chat-leak-analysis-2026/ |
| 15 May 2026 | https://ransom-isac.com/blog/the-gentlemen-leak-analysis/ |