A vulnerability in rustdesk-client RustDesk Client rustdesk-client on Windows, MacOS, Linux, iOS, Android, WebClient (Client signaling, API sync loop, config management modules) allows Privilege Abuse. This vulnerability is associated with program files src/rendezvous_mediator.Rs, src/hbbs_http/sync.Rs and program routines API sync loop, api-server config handling.

This issue affects RustDesk Client: through 1.4.5.

Attack Vector Network

Attack Complexity Low

Privileges Required None

Attack Requirements None

User Interaction None

Vulnerable System Confidentiality Impact None

Vulnerable System Integrity Impact High

Vulnerable System Availability Impact Low

Subsequent System Confidentiality Impact None

Subsequent System Integrity Impact None

Subsequent System Availability Impact None

No CVSS v3.1

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

No EPSS score available.

Key SSVC decision points have not yet been added.

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions
rustdesk-client RustDesk Client affected
Version Status Constraints
0 affected ≤ 1.4.5

No data.

No data.

No data.

Project Subscriptions

Vendors Products
Rustdesk-client Subscribe
Rustdesk Client Subscribe
Advisories

No advisories yet.

Fixes

Solution

Move enforcement to server side. Require Signed Session Authorization Tokens.

Workaround

Restrict physical/remote access to RustDesk config files

References
Link Providers
https://rustdesk.com/docs/en/client/ cve-icon cve-icon
History

Thu, 05 Mar 2026 16:15:00 +0000

Type Values Removed Values Added
Description A vulnerability in rustdesk-client RustDesk Client rustdesk-client on Windows, MacOS, Linux, iOS, Android, WebClient (Client signaling, API sync loop, config management modules) allows Privilege Abuse. This vulnerability is associated with program files src/rendezvous_mediator.Rs, src/hbbs_http/sync.Rs and program routines API sync loop, api-server config handling. This issue affects RustDesk Client: through 1.4.5.
Title RustDesk Client Can Orphan API Channel to Ignore All Admin Commands and ACL Policies
First Time appeared Rustdesk-client
Rustdesk-client rustdesk Client
Weaknesses CWE-602
CWE-841
CPEs cpe:2.3:a:rustdesk-client:rustdesk_client:*:*:android:*:*:*:*:*
cpe:2.3:a:rustdesk-client:rustdesk_client:*:*:ios:*:*:*:*:*
cpe:2.3:a:rustdesk-client:rustdesk_client:*:*:linux:*:*:*:*:*
cpe:2.3:a:rustdesk-client:rustdesk_client:*:*:macos:*:*:*:*:*
cpe:2.3:a:rustdesk-client:rustdesk_client:*:*:webclient:*:*:*:*:*
cpe:2.3:a:rustdesk-client:rustdesk_client:*:*:windows:*:*:*:*:*
Vendors & Products Rustdesk-client
Rustdesk-client rustdesk Client
References
Metrics cvssV4_0

{'score': 8.8, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:L/SC:N/SI:N/SA:N'}

Projects

Sign in to view the affected projects.

cve-icon MITRE

Status: PUBLISHED

Assigner: VULSec

Published:

Updated: 2026-03-05T15:52:21.992Z

Reserved: 2026-03-05T14:13:35.407Z

Link: CVE-2026-30783

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Received

Published: 2026-03-05T16:16:18.910

Modified: 2026-03-05T16:16:18.910

Link: CVE-2026-30783

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

No data.

Weaknesses