CVE-2026-3598
Risky Cryptography in RustDesk Server Pro Enables Data Exposure
Publication date: 2026-03-05
Last updated on: 2026-03-25
Assigner: VULSec Labs
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| rustdesk | rustdesk_server | to 1.7.5 (inc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-684 | The code does not function according to its published specifications, potentially leading to incorrect usage. |
| CWE-327 | The product uses a broken or risky cryptographic algorithm or protocol. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability involves the use of a broken or risky cryptographic algorithm in RustDesk Server Pro (rustdesk-server-pro) on Windows, MacOS, and Linux. Specifically, it affects the configuration string generation and web console export modules, allowing an attacker to retrieve embedded sensitive data. The issue is related to the program routines responsible for configuration export and generation.
How can this vulnerability impact me? :
The vulnerability can lead to unauthorized retrieval of embedded sensitive data from the affected RustDesk Server Pro application. This could result in exposure of confidential information, potentially compromising system security and user privacy.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
I don't know
How can this vulnerability be detected on my network or system? Can you suggest some commands?
I don't know
What immediate steps should I take to mitigate this vulnerability?
I don't know