Authentication Bypass in RustDesk Client Across Multiple Platforms
CVE-2026-30789
5.7MEDIUM
Key Information:
- Vendor
Rustdesk-client
- Status
- Vendor
- CVE Published:
- 5 March 2026
Badges
๐พ Exploit Exists
What is CVE-2026-30789?
The RustDesk Client suffers from an authentication bypass vulnerability that allows attackers to reuse session IDs, enabling unauthorized access to user sessions. This issue affects all platforms including Windows, MacOS, Linux, iOS, and Android, and is tied to weaknesses in the peer authentication and client login modules. Specifically, vulnerabilities in the hash_password() routine and session proof construction can be exploited to bypass authentication mechanisms, increasing the risk of session hijacking.
Affected Version(s)
RustDesk Client Windows 0 <= 1.4.8
References
CVSS V4
Score:
5.7
Severity:
MEDIUM
Confidentiality:
High
Integrity:
None
Availability:
None
Attack Vector:
Local
Attack Complexity:
Low
Attack Required:
Physical
Privileges Required:
Undefined
User Interaction:
None
Timeline
- ๐ก
Public PoC available
- ๐พ
Exploit known to exist
Vulnerability published
Vulnerability Reserved
Credit
Erez Kalman
Erez Kalman
