https://feed.craftedsignal.io/tags/steam-trader/Trending threats, MITRE ATT&CK coverage, and detection metadata — refreshed continuously.Hugoenhello@craftedsignal.iohello@craftedsignal.ioMon, 30 Mar 2026 10:16:02 +0000https://feed.craftedsignal.io/briefs/2024-01-steam-trader-cve/Mon, 30 Mar 2026 10:16:02 +0000hello@craftedsignal.iohttps://feed.craftedsignal.io/briefs/2024-01-steam-trader-cve/CVE-2026-5128 exposes sensitive Steam account data via the /users API endpoint and logs in ArthurFiorette steam-trader 2.1.1, allowing account takeover.<p>CVE-2026-5128 identifies a critical vulnerability in version 2.1.1 of the ArthurFiorette steam-trader application. This is a sensitive information exposure issue stemming from two main sources: direct access to the /users API endpoint and insecure logging practices. The vulnerable application, designed for managing Steam trading activities, inadvertently leaks highly sensitive user credentials. As the steam-trader repository is archived and no longer maintained, no patch is available, leaving…</p> criticaladvisorycve-2026-5128steam-traderinformation-disclosurecredential-accessaccount-takeover