CVE-2026-30789

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2026-30789
Authentication Bypass by Capture-replay, Use of Password Hash With Insufficient Computational Effort vulnerability in rustdesk-client RustDesk Client rustdesk-client on Windows, MacOS, Linux, iOS, Android (Client login, peer authentication modules) allows Reusing Session IDs (aka Session Replay). This vulnerability is associated with program files src/client.Rs and program routines hash_password(), login proof construction. This issue affects RustDesk Client: through 1.4.5.

9.8 /10

CVSS v3 : CRITICAL

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References
Link Resource
https://docs.google.com/document/d/e/2PACX-1vSds6jjpd38oO_yIAyd1HYtKNUuea-I-ozAPpGhYI7QgAU-QGJ7D8a4rOZVj1vmiUXV1EcdRHf9aZAW/pub Exploit Third Party Advisory
https://rustdesk.com/docs/en/client/ Product
https://www.vulsec.org/ Not Applicable
Configurations

Configuration 1 (hide)

AND
cpe:2.3:a:rustdesk:rustdesk:*:*:*:*:webclient:*:*:*
OR cpe:2.3:o:apple:iphone_os:-:*:*:*:*:*:*:*
cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*
cpe:2.3:o:google:android:-:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*
History

25 Mar 2026, 15:43

Type Values Removed Values Added
References () https://docs.google.com/document/d/e/2PACX-1vSds6jjpd38oO_yIAyd1HYtKNUuea-I-ozAPpGhYI7QgAU-QGJ7D8a4rOZVj1vmiUXV1EcdRHf9aZAW/pub - () https://docs.google.com/document/d/e/2PACX-1vSds6jjpd38oO_yIAyd1HYtKNUuea-I-ozAPpGhYI7QgAU-QGJ7D8a4rOZVj1vmiUXV1EcdRHf9aZAW/pub - Exploit, Third Party Advisory
References () https://rustdesk.com/docs/en/client/ - () https://rustdesk.com/docs/en/client/ - Product
References () https://www.vulsec.org/ - () https://www.vulsec.org/ - Not Applicable
First Time Microsoft
Google
Google android
Rustdesk rustdesk
Linux linux Kernel
Linux
Rustdesk
Apple iphone Os
Microsoft windows
Apple macos
Apple
Summary
  • (es) Omisión de autenticación por captura-repetición, vulnerabilidad de uso de hash de contraseña con esfuerzo computacional insuficiente en rustdesk-client RustDesk Client rustdesk-client en Windows, MacOS, Linux, iOS, Android (módulos de inicio de sesión del cliente, autenticación de pares) permite la reutilización de IDs de sesión (también conocido como repetición de sesión). Esta vulnerabilidad está asociada con los archivos de programa src/client.Rs y las rutinas de programa hash_password(), construcción de prueba de inicio de sesión. Este problema afecta a RustDesk Client: hasta la versión 1.4.5.
CPE cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*
cpe:2.3:o:apple:iphone_os:-:*:*:*:*:*:*:*
cpe:2.3:o:google:android:-:*:*:*:*:*:*:*
cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*
cpe:2.3:a:rustdesk:rustdesk:*:*:*:*:webclient:*:*:*
CVSS v2 : unknown
v3 : unknown 		v2 : unknown
v3 : 9.8

05 Mar 2026, 19:16

Type Values Removed Values Added
References
  • () https://docs.google.com/document/d/e/2PACX-1vSds6jjpd38oO_yIAyd1HYtKNUuea-I-ozAPpGhYI7QgAU-QGJ7D8a4rOZVj1vmiUXV1EcdRHf9aZAW/pub -
  • () https://www.vulsec.org/ -

05 Mar 2026, 16:16

Type Values Removed Values Added
New CVE
Information

Published : 2026-03-05 16:16

Updated : 2026-03-25 15:43

NVD link : CVE-2026-30789

Mitre link : CVE-2026-30789

CVE.ORG link : CVE-2026-30789

JSON object : View

Products Affected

rustdesk

  • rustdesk

google

  • android

microsoft

  • windows

apple

  • iphone_os
  • macos

linux

  • linux_kernel
CWE
CWE-294

Authentication Bypass by Capture-replay

CWE-916

Use of Password Hash With Insufficient Computational Effort