Cleartext Transmission Vulnerability in RustDesk Server Pro by RustDesk
CVE-2026-30796

8.7 HIGH

Key Information:

Vendor
CVE Published:
5 March 2026

Badges

👾 Exploit Exists

What is CVE-2026-30796?

RustDesk Server Pro contains a vulnerability that allows cleartext transmission of sensitive information through its address book sync API. The affected API endpoint, which handles heartbeat synchronization, improperly manages data, so preset address book passwords are transmitted in plaintext. Attackers can exploit this transmission, which increases the risk of unauthorized access to sensitive information. The defect impacts users on Windows, macOS, and Linux environments, particularly those running RustDesk Server Pro version 1.7.5 and earlier.

Affected Version(s)

RustDesk Server Pro Windows 0 <= 1.7.5

References

CVSS V4

Score:
8.7
Severity:
HIGH
Confidentiality:
High
Integrity:
None
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Attack Requirements:
None
Privileges Required:
Undefined
User Interaction:
None

Timeline

  • 🟡 Public PoC available

  • 👾 Exploit known to exist

  • Vulnerability published

  • Vulnerability Reserved

Credit

Erez Kalman