CVE-2026-30783
Privilege Abuse Vulnerability in RustDesk Client Signaling Modules
Publication date: 2026-03-05
Last updated on: 2026-03-25
Assigner: VULSec Labs
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| rustdesk | rustdesk | to 1.4.5 (inc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-602 | The product is composed of a server that relies on the client to implement a mechanism that is intended to protect the server. |
| CWE-841 | The product supports a session in which more than one behavior must be performed by an actor, but it does not properly ensure that the actor performs the behaviors in the required sequence. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability exists in the RustDesk Client software (rustdesk-client) across multiple platforms including Windows, MacOS, Linux, iOS, Android, and WebClient. It involves privilege abuse within certain program files and routines related to client signaling, API synchronization, and configuration management. Specifically, the affected components include src/rendezvous_mediator.Rs, src/hbbs_http/sync.Rs, and the API sync loop and api-server config handling modules.
How can this vulnerability impact me? :
The vulnerability allows privilege abuse, which means an attacker or malicious actor could potentially exploit the flaw to gain unauthorized elevated privileges within the RustDesk Client application. This could lead to unauthorized actions or access beyond what is normally permitted, potentially compromising the security and integrity of the affected system.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
I don't know
How can this vulnerability be detected on my network or system? Can you suggest some commands?
I don't know
What immediate steps should I take to mitigate this vulnerability?
I don't know