CVE-2026-30783
Published: 05 March 2026
Description
A vulnerability in RustDesk Client (rustdesk-client) on Windows, macOS, Linux, iOS, Android and WebClient (client signaling, API sync loop and config management modules) allows Privilege Abuse. This vulnerability is associated with the program files src/rendezvous_mediator.rs and src/hbbs_http/sync.rs and with the program routines for the API sync loop and api-server config handling. This issue affects RustDesk Client: through 1.4.5.
Mitigating Controls (NIST 800-53 r5)
Timely identification, reporting, and correction of the privilege abuse flaw in RustDesk Client through version 1.4.5 directly prevents exploitation.
Enforcing least privilege restricts the scope and impact of privilege abuse resulting from client-side enforcement of server-side security in signaling and sync modules.
Validating information inputs from API sync loop, signaling, and config management prevents improper enforcement of behavioral workflow and server-side security on the client.
Security Summary
CVE-2026-30783 is a Privilege Abuse vulnerability in the RustDesk Client (rustdesk-client), affecting the software on Windows, macOS, Linux, iOS, Android, and WebClient platforms. The issue resides in the client signaling, API sync loop, and config management modules, specifically associated with source files src/rendezvous_mediator.rs, src/hbbs_http/sync.rs, and program routines handling the API sync loop and api-server config. It impacts RustDesk Client versions through 1.4.5 and carries a CVSS v3.1 base score of 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H), linked to CWE-602 (Client-Side Enforcement of Server-Side Security) and CWE-841 (Improper Enforcement of Behavioral Workflow).
The vulnerability enables exploitation by unauthenticated attackers over the network with low attack complexity and no user interaction required. Successful exploitation allows high-impact disruption to confidentiality, integrity, and availability, potentially leading to full system compromise via privilege abuse on affected clients.
Advisories and documentation on mitigations, including patches, are detailed in the following references: https://docs.google.com/document/d/e/2PACX-1vSds6jjpd38oO_yIAyd1HYtKNUuea-I-ozAPpGhYI7QgAU-QGJ7D8a4rOZVj1vmiUXV1EcdRHf9aZAW/pub, https://rustdesk.com/docs/en/client/, and https://www.vulsec.org/.
MITRE ATT&CK Enterprise Techniques
Why these techniques?
Unauthenticated remote exploitation of RustDesk client (remote desktop service) enables full system compromise via privilege abuse, directly mapping to T1210 (Exploitation of Remote Services) and T1068 (Exploitation for Privilege Escalation).