CVE-2026-5128 - Vulnerability Analysis
CriticalCVSS: 10.0Last Updated: March 30, 2026
ArthurFiorette steam-trader - Sensitive Information Exposure
Overview
ArthurFiorette steam-trader 2.1.1 contains a sensitive information exposure caused by unauthenticated access to /users API endpoint and exposed authentication artifacts in logs, letting unauthenticated attackers retrieve sensitive Steam account data and hijack sessions, exploit requires no authentication.
Severity & Score
Impact
Unauthenticated attackers can hijack Steam accounts, bypass 2FA, and gain full control over inventory and trading functions.
Mitigation
No fix available; consider discontinuing use or applying custom mitigations as repository is archived and unmaintained.
Social Media Activity(1 post)
š“ CVE-2026-5128 - Critical (10) A sensitive information exposure vulnerability exists in ArthurFiorette steam-trader 2.1.1. An unauthenticated attacker can send a request to the /users API endpoint to retrieve highly sensitive Steam account data, including the account username,... š https://www.thehackerwire.com/vulnerability/CVE-2026-5128/ #CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
View original postRelated Resources
Details
- CVE ID
- CVE-2026-5128
- Severity
- Critical
- CVSS Score
- 10.0
- Type
- information_disclosure
- Status
- unconfirmed
- EPSS
- 0.0%
- Social Posts
- 1
CWE
- CWE-200
CVSS Metrics
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H