Prototype Pollution in RustDesk Client by RustDesk
CVE-2026-30785

8.2 HIGH

Key Information:

Vendor
CVE Published: 5 March 2026

Badges

👾 Exploit Exists

What is CVE-2026-30785?

The vulnerability in RustDesk Client arises from improperly controlled modification of object prototype attributes, which allows attackers to retrieve sensitive embedded data. It affects several key modules related to password security, configuration encryption, and machine identification, including the files hbb_common/src/password_security.rs, hbb_common/src/config.rs, and hbb_common/src/lib.rs. This weakness compromises the integrity of password hashes and exposes sensitive data across Windows, macOS, and Linux platforms, specifically in versions up to 1.4.5.

Affected Version(s)

RustDesk Client Windows 0 <= 1.4.5

References

CVSS V4

Score: 8.2
Severity: HIGH
Confidentiality: High
Integrity: None
Availability: None
Attack Vector: Local
Attack Complexity: Low
Attack Required: None
Privileges Required: Undefined
User Interaction: None

Timeline

  • 🟡 Public PoC available

  • 👾 Exploit known to exist

  • Vulnerability published

  • Vulnerability Reserved

Credit

Erez Kalman