CVE-2026-30792

A vulnerability in rustdesk-client RustDesk Client rustdesk-client on Windows, MacOS, Linux, iOS, Android, WebClient (Strategy sync, HTTP API client, config options engine modules) allows Application API Message Manipulation via Man-in-the-Middle. This vulnerability is associated with program files src/hbbs_http/sync.Rs, hbb_common/src/config.Rs and program routines Strategy merge loop in sync.Rs, Config::set_options(). This issue affects RustDesk Client: through 1.4.5.

CVSS v3 8.1 HIGH

8.1^/10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 2.2 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity HIGH

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://docs.google.com/document/d/e/2PACX-1vSds6jjpd38oO_yIAyd1HYtKNUuea-I-ozAPpGhYI7QgAU-QGJ7D8a4rOZVj1vmiUXV1EcdRHf9aZAW/pub	Exploit Third Party Advisory
https://rustdesk.com/docs/en/self-host/client-configuration/advanced-settings/	Product Vendor Advisory
https://www.vulsec.org/	Not Applicable

Configurations

Configuration 1 (hide)

AND

cpe:2.3:a:rustdesk:rustdesk:*:*:*:*:webclient:*:*:*

OR	cpe:2.3:o:apple:iphone_os:-:::::::*
	cpe:2.3:o:apple:macos:-:::::::*
	cpe:2.3:o:google:android:-:::::::*
	cpe:2.3:o:linux:linux_kernel:-:::::::*
	cpe:2.3:o:microsoft:windows:-:::::::*

History

25 Mar 2026, 15:35

Type	Values Removed	Values Added
References	~~() https://docs.google.com/document/d/e/2PACX-1vSds6jjpd38oO_yIAyd1HYtKNUuea-I-ozAPpGhYI7QgAU-QGJ7D8a4rOZVj1vmiUXV1EcdRHf9aZAW/pub -~~	() https://docs.google.com/document/d/e/2PACX-1vSds6jjpd38oO_yIAyd1HYtKNUuea-I-ozAPpGhYI7QgAU-QGJ7D8a4rOZVj1vmiUXV1EcdRHf9aZAW/pub - Exploit, Third Party Advisory
References	~~() https://rustdesk.com/docs/en/self-host/client-configuration/advanced-settings/ -~~	() https://rustdesk.com/docs/en/self-host/client-configuration/advanced-settings/ - Product, Vendor Advisory
References	~~() https://www.vulsec.org/ -~~	() https://www.vulsec.org/ - Not Applicable
First Time		Microsoft Google Google android Rustdesk rustdesk Linux linux Kernel Linux Rustdesk Apple iphone Os Microsoft windows Apple macos Apple
Summary		(es) Una vulnerabilidad en rustdesk-client RustDesk Client rustdesk-client en Windows, MacOS, Linux, iOS, Android, WebClient (sincronización de estrategia, cliente API HTTP, módulos del motor de opciones de configuración) permite la manipulación de mensajes de la API de la aplicación a través de Man-in-the-Middle. Esta vulnerabilidad está asociada con los archivos de programa src/hbbs_http/sync.Rs, hbb_common/src/config.Rs y las rutinas de programa bucle de fusión de estrategia en sync.Rs, Config::set_options(). Este problema afecta a RustDesk Client: a través de 1.4.5.
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : unknown v3 : 8.1
CPE		cpe:2.3:o:microsoft:windows:-:::::::* cpe:2.3:o:linux:linux_kernel:-:::::::* cpe:2.3:o:apple:iphone_os:-:::::::* cpe:2.3:o:google:android:-:::::::* cpe:2.3:o:apple:macos:-:::::::* cpe:2.3:a:rustdesk:rustdesk:::::webclient:::*

05 Mar 2026, 19:16

Type	Values Removed	Values Added
References		() https://docs.google.com/document/d/e/2PACX-1vSds6jjpd38oO_yIAyd1HYtKNUuea-I-ozAPpGhYI7QgAU-QGJ7D8a4rOZVj1vmiUXV1EcdRHf9aZAW/pub - () https://www.vulsec.org/ -

05 Mar 2026, 16:16

Type	Values Removed	Values Added
New CVE

Information

Published : 2026-03-05 16:16

Updated : 2026-03-25 15:35

NVD link : CVE-2026-30792

Mitre link : CVE-2026-30792

CVE.ORG link : CVE-2026-30792

JSON object : View

Products Affected

microsoft

windows

google

android

linux

linux_kernel

apple

macos
iphone_os

rustdesk

rustdesk

CWE

CWE-657

Violation of Secure Design Principles

8.1 /10