CVE-2026-30795

Summary

Cleartext Transmission of Sensitive Information vulnerability in rustdesk-client RustDesk Client rustdesk-client on Windows, MacOS, Linux, iOS, Android (Heartbeat sync loop modules) allows Sniffing Attacks. This vulnerability is associated with program files src/hbbs_http/sync.Rs and program routines Heartbeat JSON payload construction (preset-address-book-password).

This issue affects RustDesk Client: through 1.4.5.

Affected Software

VendorProductVersion RangeStatus
rustdesk-clientRustDesk Client0 <= 1.4.5affected

Weaknesses

  • CWE-319: CWE-319 Cleartext Transmission of Sensitive Information

Workarounds

Avoid setting address book passwords; use account-based access only

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: poc
    • Automatable: yes
    • Technical Impact: partial

References