LOW
StrongDM
CVE published 2026-05-29
CVE-2026-4387
CVE-2026-4387 documents a local information disclosure vulnerability in StrongDM Desktop Application versions prior to 23.74.0 (Desktop Client prior to 53.77.0) on Microsoft Windows. The application stores authentication state—including a JSON Web Token and asymmetric key material—in cleartext within a per-user state file located at C:Users<username>.sdmstate.kv. The file relies solely on default user-lev [truncated]