cbcvebase.

Rustdesk-Client Rustdesk Client vulnerabilities

11 known vulnerabilities affecting rustdesk-client/rustdesk_client.

Total CVEs
11
CISA KEV
0
Public exploits
0
Exploited in wild
0
Severity breakdown
CRITICAL3HIGH7MEDIUM1

Vulnerabilities

Page 1 of 1
CVE-2026-30789P2CRITICALCVSS 9.8≤ 1.4.82026-03-05
CVE-2026-30789 [CRITICAL] CWE-916 CVE-2026-30789: Use of Password Hash With Insufficient Computational Effort, Improper Restriction of Excessive Authe Use of Password Hash With Insufficient Computational Effort, Improper Restriction of Excessive Authentication Attempts vulnerability in rustdesk-client RustDesk Client rustdesk-client on Windows, MacOS, Linux, iOS, Android (Client login, peer authentication modules) allows Password Brute Forcing. The authentication proof is SHA256(SHA256(password
nvd
CVE-2026-30783P2CRITICALCVSS 9.8≤ 1.4.82026-03-05
CVE-2026-30783 [CRITICAL] CWE-602 CVE-2026-30783: A vulnerability in rustdesk-client RustDesk Client rustdesk-client on Windows, MacOS, Linux, iOS, An A vulnerability in rustdesk-client RustDesk Client rustdesk-client on Windows, MacOS, Linux, iOS, Android, WebClient (Client signaling, API sync loop, config management modules) allows Privilege Abuse. This vulnerability is associated with program files src/rendezvous_mediator.Rs, src/hbbs_http/sync.Rs and program routines API sync loop, api-serv
nvd
CVE-2026-30793P3CRITICALCVSS 9.8≤ 1.4.52026-03-05
CVE-2026-30793 [CRITICAL] CWE-285 CVE-2026-30793: Cross-Site Request Forgery (CSRF) vulnerability in rustdesk-client RustDesk Client rustdesk-client o Cross-Site Request Forgery (CSRF) vulnerability in rustdesk-client RustDesk Client rustdesk-client on Windows, MacOS, Linux, iOS, Android (Flutter URI scheme handler, FFI bridge modules) allows Privilege Escalation. This vulnerability is associated with program files flutter/lib/common.Dart, src/flutter_ffi.Rs and program routines URI handler for
nvd
CVE-2026-30797P3HIGHCVSS 8.1≤ 1.4.52026-03-05
CVE-2026-30797 [HIGH] CWE-749 CVE-2026-30797: Missing Authorization vulnerability in rustdesk-client RustDesk Client rustdesk-client on Windows, M Missing Authorization vulnerability in rustdesk-client RustDesk Client rustdesk-client on Windows, MacOS, Linux, iOS, Android (Flutter URI scheme handler, config import modules) allows Application API Message Manipulation via Man-in-the-Middle. This vulnerability is associated with program files flutter/lib/common.Dart and program routines importConfi
nvd
CVE-2026-30792P3HIGHCVSS 8.1≤ 1.4.82026-03-05
CVE-2026-30792 [HIGH] CWE-345 CVE-2026-30792: A vulnerability in rustdesk-client RustDesk Client rustdesk-client on Windows, MacOS, Linux, iOS, An A vulnerability in rustdesk-client RustDesk Client rustdesk-client on Windows, MacOS, Linux, iOS, Android, WebClient (Strategy sync, HTTP API client, config options engine modules) allows Application API Message Manipulation via Man-in-the-Middle. This vulnerability is associated with program files src/hbbs_http/sync.Rs, hbb_common/src/config.Rs and
nvd
CVE-2026-30794P3HIGHCVSS 8.1≤ 1.4.52026-03-05
CVE-2026-30794 [HIGH] CWE-295 CVE-2026-30794: Improper Certificate Validation vulnerability in rustdesk-client RustDesk Client rustdesk-client on Improper Certificate Validation vulnerability in rustdesk-client RustDesk Client rustdesk-client on Windows, MacOS, Linux, iOS, Android (HTTP API client, TLS transport modules) allows Adversary in the Middle (AiTM). This vulnerability is associated with program files src/hbbs_http/http_client.Rs and program routines TLS retry with danger_accept_invalid
nvd
CVE-2026-30798P3HIGHCVSS 7.5≤ 1.4.82026-03-05
CVE-2026-30798 [HIGH] CWE-345 CVE-2026-30798: Insufficient Verification of Data Authenticity, Improper Handling of Exceptional Conditions vulnerab Insufficient Verification of Data Authenticity, Improper Handling of Exceptional Conditions vulnerability in rustdesk-client RustDesk Client rustdesk-client on Windows, MacOS, Linux, iOS, Android (Heartbeat sync loop, strategy processing modules) allows Protocol Manipulation. This vulnerability is associated with program files src/hbbs_http/sync.Rs a
nvd
CVE-2026-30795P3HIGHCVSS 7.5≤ 1.4.52026-03-05
CVE-2026-30795 [HIGH] CWE-319 CVE-2026-30795: Cleartext Transmission of Sensitive Information vulnerability in rustdesk-client RustDesk Client rus Cleartext Transmission of Sensitive Information vulnerability in rustdesk-client RustDesk Client rustdesk-client on Windows, MacOS, Linux, iOS, Android (Heartbeat sync loop modules) allows Sniffing Attacks. This vulnerability is associated with program files src/hbbs_http/sync.Rs and program routines Heartbeat JSON payload construction (preset-address
nvd
CVE-2026-30796P3HIGHCVSS 7.5≤ 1.4.82026-03-05
CVE-2026-30796 [HIGH] CWE-522 CVE-2026-30796: Cleartext Transmission of Sensitive Information, Insufficiently Protected Credentials vulnerability Cleartext Transmission of Sensitive Information, Insufficiently Protected Credentials vulnerability in rustdesk-client RustDesk Client rustdesk-client on Windows, MacOS, Linux, iOS, Android (Address book sync, Heartbeat sync loop modules) allows Sniffing Attacks. The client places the preset address-book password verbatim into the heartbeat sync JSON
nvd
CVE-2026-30791P3HIGHCVSS 7.5≤ 1.4.52026-03-05
CVE-2026-30791 [HIGH] CWE-327 CVE-2026-30791: Use of a Broken or Risky Cryptographic Algorithm vulnerability in rustdesk-client RustDesk Client ru Use of a Broken or Risky Cryptographic Algorithm vulnerability in rustdesk-client RustDesk Client rustdesk-client on Windows, MacOS, Linux, iOS, Android, WebClient (Config import, URI scheme handler, CLI --config modules) allows Retrieve Embedded Sensitive Data. This vulnerability is associated with program files flutter/lib/common.Dart, hbb_common/sr
nvd
CVE-2026-30785P4MEDIUMCVSS 5.5≤ 1.4.52026-03-05
CVE-2026-30785 [MEDIUM] CWE-257 CVE-2026-30785: Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution'), Use of Pa Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution'), Use of Password Hash With Insufficient Computational Effort vulnerability in rustdesk-client RustDesk Client rustdesk, hbb_common on Windows, MacOS, Linux (Password security module, config encryption, machine UID modules) allows Retrieve Embedded Sensitive Dat
nvd
Rustdesk-Client Rustdesk Client vulnerabilities | cvebase