CVE-2026-30798

{"id": "CVE-2026-30798", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 3.9}], "cvssMetricV40": [{"type": "Secondary", "source": "2fdefc65-d750-4b8d-96ee-6e2c0c42dbfe", "cvssData": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "NOT_DEFINED", "baseScore": 8.2, "Automatable": "NOT_DEFINED", "attackVector": "NETWORK", "baseSeverity": "HIGH", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "exploitMaturity": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED", "userInteraction": "NONE", "attackComplexity": "LOW", "attackRequirements": "PRESENT", "privilegesRequired": "NONE", "subIntegrityImpact": "NONE", "vulnIntegrityImpact": "NONE", "integrityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "vulnAvailabilityImpact": "HIGH", "availabilityRequirement": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "subConfidentialityImpact": "NONE", "vulnConfidentialityImpact": "NONE", "confidentialityRequirement": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED"}}]}, "published": "2026-03-05T16:16:21.333", "references": [{"url": "https://docs.google.com/document/d/e/2PACX-1vSds6jjpd38oO_yIAyd1HYtKNUuea-I-ozAPpGhYI7QgAU-QGJ7D8a4rOZVj1vmiUXV1EcdRHf9aZAW/pub", "tags": ["Third Party Advisory", "Exploit"], "source": "2fdefc65-d750-4b8d-96ee-6e2c0c42dbfe"}, {"url": "https://rustdesk.com/docs/en/client/", "tags": ["Product"], "source": "2fdefc65-d750-4b8d-96ee-6e2c0c42dbfe"}, {"url": "https://www.vulsec.org/", "tags": ["Third Party Advisory"], "source": "2fdefc65-d750-4b8d-96ee-6e2c0c42dbfe"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Secondary", "source": "2fdefc65-d750-4b8d-96ee-6e2c0c42dbfe", "description": [{"lang": "en", "value": "CWE-345"}, {"lang": "en", "value": "CWE-755"}]}], "descriptions": [{"lang": "en", "value": "Insufficient Verification of Data Authenticity, Improper Handling of Exceptional Conditions vulnerability in rustdesk-client RustDesk Client rustdesk-client on Windows, MacOS, Linux, iOS, Android (Heartbeat sync loop, strategy processing modules) allows Protocol Manipulation. This vulnerability is associated with program files src/hbbs_http/sync.Rs and program routines stop-service handler in heartbeat loop.\n\nThis issue affects RustDesk Client: through 1.4.5."}, {"lang": "es", "value": "Vulnerabilidad de Verificaci\u00f3n Insuficiente de la Autenticidad de los Datos y Manejo Inadecuado de Condiciones Excepcionales en rustdesk-client RustDesk Client rustdesk-client en Windows, MacOS, Linux, iOS, Android (bucle de sincronizaci\u00f3n de latidos, m\u00f3dulos de procesamiento de estrategias) permite la Manipulaci\u00f3n de Protocolo. Esta vulnerabilidad est\u00e1 asociada con los archivos de programa src/hbbs_http/sync.Rs y las rutinas de programa del gestor de detenci\u00f3n de servicio en el bucle de latidos.\n\nEste problema afecta a RustDesk Client: hasta la versi\u00f3n 1.4.5."}], "lastModified": "2026-03-10T20:25:39.497", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:rustdesk:rustdesk:*:*:*:*:-:*:*:*", "vulnerable": true, "matchCriteriaId": "70EE9711-C12B-402D-B28E-4CF19EC7BC88", "versionEndIncluding": "1.4.5"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:apple:iphone_os:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "B5415705-33E5-46D5-8E4D-9EBADC8C5705"}, {"criteria": "cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "387021A0-AF36-463C-A605-32EA7DAC172E"}, {"criteria": "cpe:2.3:o:google:android:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "F8B9FEC8-73B6-43B8-B24E-1F7C20D91D26"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1"}, {"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "2fdefc65-d750-4b8d-96ee-6e2c0c42dbfe"}