ArthurFiorette steam-trader 2.1.1 Sensitive Information Exposure
CVE-2026-5128 exposes sensitive Steam account data via the /users API endpoint and logs in ArthurFiorette steam-trader 2.1.1, allowing account takeover.
CVE-2026-5128 identifies a critical vulnerability in version 2.1.1 of the ArthurFiorette steam-trader application. This is a sensitive information exposure issue stemming from two main sources: direct access to the /users API endpoint and insecure logging practices. The vulnerable application, designed for managing Steam trading activities, inadvertently leaks highly sensitive user credentials. As the steam-trader repository is archived and no longer maintained, no patch is available, leaving…
Detection coverage 2
Detect Unauthenticated Steam-Trader Users API Access
highDetects unauthenticated access to the /users API endpoint in ArthurFiorette steam-trader, indicating potential CVE-2026-5128 exploitation.
Detect Sensitive Data in Steam-Trader Logs
criticalDetects the presence of sensitive Steam account data (username, password, identity_secret, shared_secret) within application logs.
Detection queries are kept inside the platform. Get full rules →