CVE-2026-5128

Name of the Vulnerable Software and Affected Versions ArthurFiorette steam-trader version 2.1.1

Description A sensitive information exposure issue exists. An unauthenticated attacker can send a request to the /users API endpoint to retrieve sensitive Steam account data, including the account username, password, identity secret, and shared secret. Application logs also expose authentication artifacts such as access tokens, refresh tokens, and session identifiers. This information allows an attacker to generate valid Steam Guard (2FA) codes, hijack authenticated sessions, and obtain full control over the affected Steam account, including unauthorized access to inventory and trading functionality. The vulnerable parameter is not specified.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.