CVE-2026-30797

Summary

Missing Authorization vulnerability in rustdesk-client RustDesk Client rustdesk-client on Windows, MacOS, Linux, iOS, Android (Flutter URI scheme handler, config import modules) allows Application API Message Manipulation via Man-in-the-Middle. This vulnerability is associated with program files flutter/lib/common.Dart and program routines importConfig() via URI handler.

This issue affects RustDesk Client: through 1.4.5.

Affected Software

VendorProductVersion RangeStatus
rustdesk-clientRustDesk Client0 <= 1.4.5affected

Weaknesses

  • CWE-862: CWE-862 Missing Authorization
  • CWE-749: CWE-749

Workarounds

Unregister the rustdesk:// URI scheme handler at OS level

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: poc
    • Automatable: no
    • Technical Impact: total

References