CVE-2026-30794

Improper Certificate Validation vulnerability in rustdesk-client RustDesk Client rustdesk-client on Windows, MacOS, Linux, iOS, Android (HTTP API client, TLS transport modules) allows Adversary in the Middle (AiTM). This vulnerability is associated with program files src/hbbs_http/http_client.Rs and program routines TLS retry with danger_accept_invalid_certs(true). This issue affects RustDesk Client: through 1.4.5.

CVSS v3 8.1 HIGH

8.1^/10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 2.2 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity HIGH

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://docs.google.com/document/d/e/2PACX-1vSds6jjpd38oO_yIAyd1HYtKNUuea-I-ozAPpGhYI7QgAU-QGJ7D8a4rOZVj1vmiUXV1EcdRHf9aZAW/pub	Exploit Third Party Advisory
https://github.com/rustdesk/rustdesk	Product
https://www.vulsec.org/	Not Applicable

Configurations

Configuration 1 (hide)

AND

cpe:2.3:a:rustdesk:rustdesk:*:*:*:*:webclient:*:*:*

OR	cpe:2.3:o:apple:iphone_os:-:::::::*
	cpe:2.3:o:apple:macos:-:::::::*
	cpe:2.3:o:google:android:-:::::::*
	cpe:2.3:o:linux:linux_kernel:-:::::::*
	cpe:2.3:o:microsoft:windows:-:::::::*

History

25 Mar 2026, 15:29

Type	Values Removed	Values Added
First Time		Microsoft Google Google android Rustdesk rustdesk Linux linux Kernel Linux Rustdesk Apple iphone Os Microsoft windows Apple macos Apple
References	~~() https://docs.google.com/document/d/e/2PACX-1vSds6jjpd38oO_yIAyd1HYtKNUuea-I-ozAPpGhYI7QgAU-QGJ7D8a4rOZVj1vmiUXV1EcdRHf9aZAW/pub -~~	() https://docs.google.com/document/d/e/2PACX-1vSds6jjpd38oO_yIAyd1HYtKNUuea-I-ozAPpGhYI7QgAU-QGJ7D8a4rOZVj1vmiUXV1EcdRHf9aZAW/pub - Exploit, Third Party Advisory
References	~~() https://github.com/rustdesk/rustdesk -~~	() https://github.com/rustdesk/rustdesk - Product
References	~~() https://www.vulsec.org/ -~~	() https://www.vulsec.org/ - Not Applicable
CPE		cpe:2.3:o:microsoft:windows:-:::::::* cpe:2.3:o:linux:linux_kernel:-:::::::* cpe:2.3:o:apple:iphone_os:-:::::::* cpe:2.3:o:google:android:-:::::::* cpe:2.3:o:apple:macos:-:::::::* cpe:2.3:a:rustdesk:rustdesk:::::webclient:::*
Summary		(es) Vulnerabilidad de Validación de Certificado Incorrecta en rustdesk-client Cliente RustDesk rustdesk-client en Windows, MacOS, Linux, iOS, Android (cliente API HTTP, módulos de transporte TLS) permite Adversario en el Medio (AiTM). Esta vulnerabilidad está asociada con los archivos de programa src/hbbs_http/http_client.Rs y las rutinas de programa TLS retry with danger_accept_invalid_certs(true). Este problema afecta a Cliente RustDesk: hasta la 1.4.5.
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : unknown v3 : 8.1

05 Mar 2026, 19:16

Type	Values Removed	Values Added
References		() https://docs.google.com/document/d/e/2PACX-1vSds6jjpd38oO_yIAyd1HYtKNUuea-I-ozAPpGhYI7QgAU-QGJ7D8a4rOZVj1vmiUXV1EcdRHf9aZAW/pub - () https://www.vulsec.org/ -

05 Mar 2026, 16:16

Type	Values Removed	Values Added
New CVE

Information

Published : 2026-03-05 16:16

Updated : 2026-03-25 15:29

NVD link : CVE-2026-30794

Mitre link : CVE-2026-30794

CVE.ORG link : CVE-2026-30794

JSON object : View

Products Affected

rustdesk

rustdesk

google

android

microsoft

windows

apple

iphone_os
macos

linux

linux_kernel

CWE

CWE-295

Improper Certificate Validation

8.1 /10