Server-side Authorization Issue in RustDesk Remote Access Software
CVE-2026-57850
8.7HIGH
What is CVE-2026-57850?
RustDesk versions before 1.4.9 are affected by a server-side authorization issue that fails to enforce proper session scope. This flaw permits a limited session type user, such as those engaged in file transfer or camera viewing, to exploit the system by sending unauthorized control messages and utilizing login options meant for full remote access. Consequently, authenticated peers can act beyond their assigned permissions and manipulate the host system, posing security risks to sensitive information and functionalities.
Affected Version(s)
RustDesk 0
