CVE-2026-5128: Critical data-leak vulnerability in ArthurFiorette's Steam-Trader
⚠️ CVE references:
CVE-2026-5128
Summary
A severe vulnerability in ArthurFiorette's Steam-Trader allows attackers to harvest sensitive user account data such as credentials and security keys. Because of inadequate logging, attackers can even forge valid 2FA codes and take over accounts completely. Since the project is no longer maintained, there are unfortunately no patches for this critical vulnerability.
Arthurfiorette - Steam-trader - CRITICAL - CVE-2026-5128.
A vulnerability exists in the Steam-Trader application developed by ArthurFiorette, allowing unauthenticated attackers to exploit the /users API endpoint. This issue can lead to the unauthorized retrieval of sensitive Steam account data, including usernames, passwords, identity secrets, and shared secrets. Furthermore, due to inadequate logging practices, authentication logs reveal critical information such as access tokens, refresh tokens, and session identifiers. This leakage empowers attackers to forge valid Steam Guard (2FA) codes, hijack active sessions, and gain full control over compromised accounts, which includes unauthorized access to a user's inventory and trading features. Unfortunately, as the repository is archived and no longer maintained, no fixes are available for this vulnerability.
Source: securityvulnerability.io
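
A defensive sketch of the two data-handling controls the description above implies were missing: masking secrets and tokens before they reach authentication logs, and building API responses from an allow-list of fields. This is an added example, not code from the Steam-Trader repository; the field names, the functions `redact`, `safeLogLine` and `toPublicUser`, and the sample event are assumptions. It does not replace requiring authentication on the /users endpoint.

```javascript
// Added example. Field names are assumed, not taken from the Steam-Trader code base.
const SENSITIVE_KEYS = new Set([
  'password', 'identitysecret', 'sharedsecret',
  'accesstoken', 'refreshtoken', 'sessionid',
]);

// Map "shared_secret", "sharedSecret" and "Shared-Secret" to one comparable form.
const normalise = (key) => key.toLowerCase().replace(/[^a-z0-9]/g, '');

// Return a deep copy of `value` with sensitive fields masked; the input is not mutated.
// Objects already visited (cycles or shared references) are replaced by a marker.
function redact(value, seen = new WeakSet()) {
  if (value === null || typeof value !== 'object') return value;
  if (seen.has(value)) return '[Seen]';
  seen.add(value);
  if (Array.isArray(value)) return value.map((v) => redact(v, seen));
  const out = {};
  for (const [key, v] of Object.entries(value)) {
    out[key] = SENSITIVE_KEYS.has(normalise(key)) ? '[REDACTED]' : redact(v, seen);
  }
  return out;
}

// Build the single JSON line a logger would write, after redaction.
function safeLogLine(event, details) {
  return JSON.stringify({ event, details: redact(details) });
}

// Allow-list serializer for API responses: anything not listed is never sent.
const PUBLIC_USER_FIELDS = ['id', 'status']; // hypothetical public fields
function toPublicUser(account) {
  const out = {};
  for (const field of PUBLIC_USER_FIELDS) {
    if (field in account) out[field] = account[field];
  }
  return out;
}

// Constructed sample event; every value is invented for illustration.
const sampleLoginEvent = {
  user: { id: 7, status: 'online', username: 'trader01', password: 'hunter2',
          shared_secret: 'c2hhcmVk', identitySecret: 'aWRlbnQ=' },
  session: { sessionID: 'abc123', tokens: [{ accessToken: 'at-1', refresh_token: 'rt-1' }] },
  ip: '192.0.2.10',
};

console.log(safeLogLine('login', sampleLoginEvent));
console.log(toPublicUser(sampleLoginEvent.user));
```

Masking happens on a copy, so the application keeps working with the real values while the log line and the response carry none of them.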