Data Authenticity Vulnerability in RustDesk Client across Multiple Platforms
CVE-2026-30798

8.2 HIGH

Key Information:

Vendor
CVE Published: 5 March 2026

Badges

👾 Exploit Exists 🟡 Public PoC

What is CVE-2026-30798?

A vulnerability exists in the RustDesk Client affecting multiple platforms, including Windows, macOS, Linux, iOS, and Android. It stems from insufficient verification of data authenticity, which can lead to protocol manipulation. Specifically, it occurs in the heartbeat sync loop and in the strategy processing modules, and could allow unauthorized data access or control. Key files implicated include src/hbbs_http/sync.rs and the stop-service handler in the heartbeat loop. Evaluate the impact of this vulnerability on your security posture and take the necessary actions to mitigate the associated risks.

Affected Version(s)

RustDesk Client Windows 0 <= 1.4.5

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate that a vulnerability can be exploited. PoC code is also a key component for weaponization, which could lead to ransomware.

References

CVSS V4

Score: 8.2
Severity: HIGH
Confidentiality: None
Integrity: None
Availability: High
Attack Vector: Network
Attack Complexity: Low
Attack Required: Physical
Privileges Required: Undefined
User Interaction: None

Timeline

  • 🟡 Public PoC available

  • 👾 Exploit known to exist

  • Vulnerability published

  • Vulnerability Reserved

Credit

Erez Kalman