{"description":"Trending threats, MITRE ATT\u0026CK coverage, and detection metadata — refreshed continuously.","feed_url":"https://feed.craftedsignal.io/tags/steam-trader/","home_page_url":"https://feed.craftedsignal.io/","items":[{"_cs_actors":[],"_cs_cves":[],"_cs_exploited":false,"_cs_products":[],"_cs_severities":["critical"],"_cs_tags":["cve-2026-5128","steam-trader","information-disclosure","credential-access","account-takeover"],"_cs_type":"advisory","_cs_vendors":[],"content_html":"\u003cp\u003eCVE-2026-5128 identifies a critical vulnerability in version 2.1.1 of the ArthurFiorette steam-trader application. This is a sensitive information exposure issue stemming from two main sources: direct access to the /users API endpoint and insecure logging practices. The vulnerable application, designed for managing Steam trading activities, inadvertently leaks highly sensitive user credentials. As the steam-trader repository is archived and no longer maintained, no patch is available, leaving…\u003c/p\u003e\n","date_modified":"2026-03-30T10:16:02Z","date_published":"2026-03-30T10:16:02Z","id":"/briefs/2024-01-steam-trader-cve/","summary":"CVE-2026-5128 exposes sensitive Steam account data via the /users API endpoint and logs in ArthurFiorette steam-trader 2.1.1, allowing account takeover.","title":"ArthurFiorette steam-trader 2.1.1 Sensitive Information Exposure","url":"https://feed.craftedsignal.io/briefs/2024-01-steam-trader-cve/"}],"language":"en","title":"CraftedSignal Threat Feed — Steam-Trader","version":"https://jsonfeed.org/version/1.1"}