CVE-2026-4387: StrongDM State File Reuse
ID: 367b857d-87d6-54f0-bfa0-ec358c86a77c
STIX ID: report--367b857d-87d6-54f0-bfa0-ec358c86a77c
Feed Name: SpecterOps Blog
SpecterOps discovered that StrongDM wrote JWTs and plaintext key material to C:\Users\<username>\.sdm\state.kv. This enabled an attacker with user-level access to copy that file to another host and obtain an authenticated StrongDM session as the victim. StrongDM patched this (CVE-2026-4387) by migrating secrets to platform-native stores in Desktop 23.74.0 and CLI 53.77.0.
