Server-side Authorization Issue in RustDesk Remote Access Software
CVE-2026-57850

8.7HIGH

Key Information:

Vendor

Rustdesk

Status
Vendor
CVE Published:
10 July 2026

What is CVE-2026-57850?

RustDesk versions before 1.4.9 are affected by a server-side authorization issue that fails to enforce proper session scope. This flaw permits a limited session type user, such as those engaged in file transfer or camera viewing, to exploit the system by sending unauthorized control messages and utilizing login options meant for full remote access. Consequently, authenticated peers can act beyond their assigned permissions and manipulate the host system, posing security risks to sensitive information and functionalities.

Affected Version(s)

RustDesk 0

References

CVSS V4

Score:
8.7
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
None

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Sanket Sharma
.