Prior known-ignored disclosure
Sanctum's assessment for RD-F-177 — scored green on the v1.7.0 rubric. The evidence below is the curator's reasoning for this score.
Evidence summary
No evidence of any vulnerability being disclosed to Sanctum and subsequently ignored before exploitation. No exploits have occurred (F077 = 0), so no post-mortem could document a 'received-but-not-actioned' disclosure pattern. Web search for Sanctum security incidents returned no reports of ignored disclosures. hacksdatabase grep: 0 Sanctum incident files. Green = no evidence of ignored disclosure per methodology. Caveat: absence of a formal disclosure channel (F175 red) creates a structural forward-looking risk that future disclosures may not be received — this is a Cat 13 process concern, not a backward-looking Cat 5 finding.
Sources
- URL: Is Sanctum Safe — Sanctum Legacy Docs (no ignored disclosures). Web search: 'Sanctum sanctum.so exploit hack security incident 2022 2023 2024 2025' — no exploit or ignored-disclosure articles found. Retrieved 2026-05-04.
- Sanctum hacksdatabase — no ignored-disclosure evidence. hacksdatabase/ grep — 0 Sanctum incident files; no post-mortem exists documenting received-but-not-actioned disclosure. Retrieved 2026-05-04.
Methodology
Determine whether evidence exists in prior-incident post-mortems that a disclosed vulnerability was reported to the team and not actioned before exploit.