Cleartext Transmission Vulnerability in RustDesk Server Pro by RustDesk
CVE-2026-30796
6.9MEDIUM
Key Information:
- Vendor
Rustdesk-client
- Status
- Vendor
- CVE Published:
- 5 March 2026
Badges
๐พ Exploit Exists
What is CVE-2026-30796?
The RustDesk Server Pro contains a vulnerability that allows cleartext transmission of sensitive information, specifically through its address book sync API. This flaw enables attackers to exploit the transmission of data, increasing the risk of unauthorized access to sensitive information. The affected API endpoint, responsible for handling heartbeat synchronization, improperly manages data, allowing preset address book passwords to be transmitted in plaintext. This defect impacts users on Windows, MacOS, and Linux environments, particularly those utilizing RustDesk Server Pro version 1.7.5 and earlier.
Affected Version(s)
RustDesk Client Windows 0 <= 1.4.8
References
CVSS V4
Score:
6.9
Severity:
MEDIUM
Confidentiality:
None
Integrity:
None
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Attack Required:
Physical
Privileges Required:
Undefined
User Interaction:
None
Timeline
- ๐ก
Public PoC available
- ๐พ
Exploit known to exist
Vulnerability published
Vulnerability Reserved
Credit
Erez Kalman
Erez Kalman
