CVE-2026-30783

Summary

A vulnerability in rustdesk-client RustDesk Client rustdesk-client on Windows, MacOS, Linux, iOS, Android, WebClient (Client signaling, API sync loop, config management modules) allows Privilege Abuse.

This vulnerability is associated with program files src/rendezvous_mediator.Rs, src/hbbs_http/sync.Rs and program routines API sync loop, api-server config handling.

This issue affects RustDesk Client: through 1.4.8.

Affected Software

VendorProductVersion RangeStatus
rustdesk-clientRustDesk Client0 <= 1.4.8affected

Weaknesses

  • CWE-602: CWE-602 Client-Side Enforcement of Server-Side Security
  • CWE-841: CWE-841 Improper Enforcement of Behavioral Workflow

Workarounds

Restrict physical/remote access to RustDesk config files

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: poc
    • Automatable: no
    • Technical Impact: total

References