CVE-2026-30792

8.1 HIGH

Published: March 05, 2026 Modified: March 25, 2026

Description

A vulnerability in rustdesk-client RustDesk Client rustdesk-client on Windows, MacOS, Linux, iOS, Android, WebClient (Strategy sync, HTTP API client, config options engine modules) allows Application API Message Manipulation via Man-in-the-Middle. This vulnerability is associated with program files src/hbbs_http/sync.Rs, hbb_common/src/config.Rs and program routines Strategy merge loop in sync.Rs, Config::set_options(). This issue affects RustDesk Client: through 1.4.5.

AI Explanation

Get an AI-powered plain-language explanation of this vulnerability and remediation steps.

Login to generate AI explanation

CVSS v3.x Details

0.0 Low Medium High Critical 10.0

Vector String

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

References to Advisories, Solutions, and Tools

Patch Vendor Advisory Exploit Third Party Advisory

https://docs.google.com/document/d/e/2PACX-1vSds6jjpd38oO_yIAyd1HYtKNUuea-I-ozAPpGhYI7QgAU-QGJ7D8a4rOZVj1vmiUXV1EcdRHf9aZAW/pub

Source: 2fdefc65-d750-4b8d-96ee-6e2c0c42dbfe

Exploit Third Party Advisory

https://rustdesk.com/docs/en/self-host/client-configuration/advanced-settings/

Source: 2fdefc65-d750-4b8d-96ee-6e2c0c42dbfe

Product Vendor Advisory

https://www.vulsec.org/

Source: 2fdefc65-d750-4b8d-96ee-6e2c0c42dbfe

Not Applicable

3 reference(s) from NVD

Quick Stats

CVSS v3 Score

8.1 / 10.0

EPSS (Exploit Probability)

0.1%

21th percentile

Exploitation Status

Not in CISA KEV

Weaknesses (CWE)

CWE-657

Affected Vendors

linux microsoft rustdesk google apple

Related CVEs

CVE-2026-41299 7.1

CVE-2026-41298 5.4

CVE-2026-41297 7.6

CVE-2026-41296 8.2

CVE-2026-41295 7.8