CVE-2026-30793

Summary

Cross-Site Request Forgery (CSRF) vulnerability in rustdesk-client RustDesk Client rustdesk-client on Windows, MacOS, Linux, iOS, Android (Flutter URI scheme handler, FFI bridge modules) allows Privilege Escalation. This vulnerability is associated with program files flutter/lib/common.Dart, src/flutter_ffi.Rs and program routines URI handler for rustdesk://password/, bind.MainSetPermanentPassword().

This issue affects RustDesk Client: through 1.4.5.

Affected Software

VendorProductVersion RangeStatus
rustdesk-clientRustDesk Client0 <= 1.4.5affected

Weaknesses

  • CWE-285: CWE-285
  • CWE-352: CWE-352 Cross-Site Request Forgery (CSRF)

Workarounds

Unregister the rustdesk:// URI scheme handler at OS level

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: poc
    • Automatable: no
    • Technical Impact: total

References