CVE-2026-30791
Received - Intake
Risky Cryptography in RustDesk Client Enables Sensitive Data Exposure

Publication date: 2026-03-05

Last updated on: 2026-03-18

Assigner: VULSec Labs

Description
Use of a Broken or Risky Cryptographic Algorithm vulnerability in RustDesk Client (rustdesk-client) on Windows, macOS, Linux, iOS, Android, WebClient (Config import, URI scheme handler, CLI --config modules) allows Retrieve Embedded Sensitive Data. This vulnerability is associated with program files flutter/lib/common.dart, hbb_common/src/config.rs and program routines parseRustdeskUri(), importConfig(). This issue affects RustDesk Client: through 1.4.5.
Meta Information
Published: 2026-03-05
Last Modified: 2026-03-18
Generated: 2026-06-16
AI Q&A: 2026-03-05
EPSS Evaluated: 2026-06-14
Affected Vendors & Products
Showing 2 associated CPEs
Vendor | Product | Version / Range
rustdesk | rustdesk | to 1.4.5 (inclusive)
rustdesk | rustdesk | to 1.4.5 (inclusive)
CWE ID | Description
CWE-684 | The code does not function according to its published specifications, potentially leading to incorrect usage.
CWE-327 | The product uses a broken or risky cryptographic algorithm or protocol.
Executive Summary

This vulnerability is a Use of a Broken or Risky Cryptographic Algorithm issue in the RustDesk Client (rustdesk-client) on Windows, macOS, Linux, iOS, Android, and WebClient. It affects versions up to 1.4.5. The problem lies in the files and routines that handle configuration import, URI scheme handling, and the CLI --config module (flutter/lib/common.dart, hbb_common/src/config.rs, parseRustdeskUri(), importConfig()). Because these paths rely on a weak or broken cryptographic algorithm, an attacker could retrieve sensitive data embedded in the client.

Impact Analysis

This vulnerability can lead to the unauthorized retrieval of sensitive data embedded within the RustDesk Client configuration or communication. Because the cryptographic algorithm used is broken or risky, attackers may exploit this weakness to access confidential information, potentially compromising the security and privacy of remote desktop sessions or stored credentials.

Compliance Impact

I don't know

Detection Guidance

The provided information does not include specific detection methods or commands to identify this vulnerability on a network or system.

Mitigation Strategies

To mitigate this vulnerability, you should update RustDesk Client to a version later than 1.4.5, as the issue affects versions through 1.4.5.

Additionally, reviewing and adjusting the client configuration, especially related to cryptographic settings and imported configurations, may help reduce risk.

Using RustDesk Server Pro for encrypted configuration import and managing security settings through the client interface can also enhance protection.
