CVE-2026-30792
Man-in-the-Middle API Message Manipulation in RustDesk Client
Publication date: 2026-03-05
Last updated on: 2026-03-25
Assigner: VULSec Labs
Description
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| rustdesk | rustdesk | to 1.4.5 (inc) |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-657 | The product violates well-established principles for secure design. |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability affects the RustDesk Client on multiple platforms including Windows, macOS, Linux, iOS, Android, and WebClient. It involves the manipulation of Application API messages via a Man-in-the-Middle (MitM) attack. Specifically, the issue is related to certain program files and routines responsible for syncing and configuration options, allowing an attacker to interfere with the communication between the client and server.
How can this vulnerability impact me?
Because this vulnerability allows Man-in-the-Middle manipulation of application API messages, an attacker could intercept and alter data exchanged between the RustDesk Client and its server. This could lead to unauthorized changes in configuration, disruption of remote desktop sessions, or potentially gaining unauthorized access or control over the remote system.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?
I don't know
How can this vulnerability be detected on my network or system? Can you suggest some commands?
I don't know
What immediate steps should I take to mitigate this vulnerability?
To mitigate the vulnerability in RustDesk Client (up to version 1.4.5) related to Application API Message Manipulation via Man-in-the-Middle, you should configure RustDesk's advanced security settings to restrict and control remote access permissions.

- Set strict access-mode permissions for incoming connections (e.g., limit to 'view' or 'custom').
- Disable or carefully control features such as enable-keyboard, enable-clipboard, enable-file-transfer, enable-camera, enable-terminal, enable-remote-printer, enable-audio, and enable-remote-restart to reduce attack surface.
- Use whitelist settings to restrict incoming connections to trusted IP addresses.
- Enable approve-mode to require manual acceptance or password verification for incoming connections.
- Configure verification-method to enforce strong password policies, including temporary or permanent passwords.
- Consider enabling allow-auto-disconnect with a suitable timeout to disconnect inactive sessions automatically.
- Disable allow-remote-config-modification to prevent remote changes to client settings.

Additionally, ensure your RustDesk Client is updated beyond version 1.4.5 once a patched version is available. [1]