CVE-2026-30798
Insufficient Data Verification in RustDesk Client Enables Protocol Manipulation
Publication date: 2026-03-05
Last updated on: 2026-03-10
Assigner: VULSec Labs
Description
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| rustdesk | rustdesk | up to 1.4.5 (inclusive) |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-345 | The product does not sufficiently verify the origin or authenticity of data, in a way that causes it to accept invalid data. |
| CWE-755 | The product does not handle or incorrectly handles an exceptional condition. |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability in the RustDesk Client involves insufficient verification of data authenticity and improper handling of exceptional conditions within the heartbeat sync loop and strategy processing modules. It allows an attacker to manipulate the protocol by exploiting weaknesses in specific program files and routines, potentially leading to unauthorized actions or data manipulation.
How can this vulnerability impact me?
The vulnerability can impact users by enabling protocol manipulation, which may result in unauthorized access, data tampering, or disruption of normal client operations. Because it affects the heartbeat sync loop, it could interfere with the communication and synchronization processes of the RustDesk Client, potentially compromising the integrity and reliability of the service.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?
I don't know
How can this vulnerability be detected on my network or system? Can you suggest some commands?
I don't know
What immediate steps should I take to mitigate this vulnerability?
I don't know