CVE-2026-30791
Risky Cryptography in RustDesk Client Enables Sensitive Data Exposure

Publication date: 2026-03-05

Last updated on: 2026-03-18

Assigner: VULSec Labs

Description
Use of a Broken or Risky Cryptographic Algorithm vulnerability in RustDesk Client (rustdesk-client) on Windows, macOS, Linux, iOS, Android and WebClient (Config import, URI scheme handler, CLI --config modules) allows retrieval of embedded sensitive data. This vulnerability is associated with program files flutter/lib/common.dart and hbb_common/src/config.rs and program routines parseRustdeskUri() and importConfig(). This issue affects RustDesk Client: through 1.4.5.

Meta Information

Published: 2026-03-05
Last Modified: 2026-03-18
Generated: 2026-05-07
AI Q&A: 2026-03-05
EPSS Evaluated: 2026-05-05

Affected Vendors & Products

Showing 2 associated CPEs

Vendor | Product | Version / Range
rustdesk | rustdesk | to 1.4.5 (inc)
rustdesk | rustdesk | to 1.4.5 (inc)

CWE

CWE-684: The code does not function according to its published specifications, potentially leading to incorrect usage.
CWE-327: The product uses a broken or risky cryptographic algorithm or protocol.

AI Powered Q&A
Can you explain this vulnerability to me?

This vulnerability is a Use of a Broken or Risky Cryptographic Algorithm issue found in the RustDesk Client (rustdesk-client) across multiple platforms including Windows, macOS, Linux, iOS, Android, and WebClient. It affects versions up to 1.4.5. The problem lies in certain program files and routines (flutter/lib/common.dart, hbb_common/src/config.rs, parseRustdeskUri(), importConfig()) that handle configuration import, URI scheme handling, and CLI config modules. Due to the use of weak or broken cryptographic algorithms, an attacker could retrieve embedded sensitive data from the client.


How can this vulnerability impact me?

This vulnerability can lead to the unauthorized retrieval of sensitive data embedded within the RustDesk Client configuration or communication. Because the cryptographic algorithm used is broken or risky, attackers may exploit this weakness to access confidential information, potentially compromising the security and privacy of remote desktop sessions or stored credentials.


How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?

I don't know


How can this vulnerability be detected on my network or system? Can you suggest some commands?

The provided information does not include specific detection methods or commands to identify this vulnerability on a network or system.


What immediate steps should I take to mitigate this vulnerability?

To mitigate this vulnerability, you should update RustDesk Client to a version later than 1.4.5, as the issue affects versions through 1.4.5.

Additionally, reviewing and adjusting the client configuration, especially related to cryptographic settings and imported configurations, may help reduce risk.

Using RustDesk Server Pro for encrypted configuration import and managing security settings through the client interface can also enhance protection.

