CVE-2026-5128 - Vulnerability Analysis
CriticalCVSS: 10.0Last Updated: March 30, 2026
ArthurFiorette steam-trader - Sensitive Information Exposure
Published: March 30, 2026Updated: March 30, 2026Remote Exploitable
Overview
ArthurFiorette steam-trader 2.1.1 contains a sensitive information exposure caused by unauthenticated access to /users API endpoint and exposed authentication artifacts in logs, letting unauthenticated attackers retrieve sensitive Steam account data and hijack sessions, exploit requires no authentication.
Severity & Score
Severity: Critical
CVSS Score: 10.0
Impact
Unauthenticated attackers can hijack Steam accounts, bypass 2FA, and gain full control over inventory and trading functions.
Mitigation
No fix available; consider discontinuing use or applying custom mitigations as repository is archived and unmaintained.
Related Resources
Details
- CVE ID
- CVE-2026-5128
- Severity
- Critical
- CVSS Score
- 10.0
- Type
- information_disclosure
- Status
- new
CWE
- CWE-200
CVSS Metrics
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H