Session Permission Bypass in RustDesk Remote Control Application
CVE-2026-58056
7.2HIGH
What is CVE-2026-58056?
A vulnerability in RustDesk allows attackers to exploit a flaw in the session authorization mechanism. The issue arises when incoming control messages are gated by per-capability flags, which do not adequately account for the authorized connection type of the session. As a result, during a file-transfer session, the authorization flags can remain set, allowing a peer with only FileTransfer capabilities to inject keyboard and mouse inputs. This could lead to unauthorized access to the screenshot and display-capture handlers, effectively enabling actions outside the granted scope, heightening the risk of remote exploitation.
Affected Version(s)
RustDesk 0
