Information Disclosure Vulnerability in RustDesk Client for Windows
CVE-2026-2490

5.5MEDIUM

Key Information:

Vendor

Rustdesk

Vendor
CVE Published:
20 February 2026

What is CVE-2026-2490?

The RustDesk Client for Windows contains an information disclosure vulnerability within its Transfer File feature. A local attacker with the capability to execute low-privileged code can exploit this flaw by uploading a symbolic link, enabling them to gain unauthorized access to sensitive files on the system. This vulnerability poses significant risks, as it allows attackers to expose sensitive information in the context of SYSTEM rights, potentially leading to further exploitation.

Affected Version(s)

Client for Windows 1.4.1

References

CVSS V3.0

Score:
5.5
Severity:
MEDIUM
Confidentiality:
High
Integrity:
None
Availability:
High
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.