Cyber Posture

CVE-2026-30783

Critical · Public PoC

Published: 05 March 2026

Modified: 25 March 2026
CVSS Score: 9.8 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
EPSS Score: 0.0014 (33.5th percentile)
Risk Priority: 20 (weighting: 60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2026-30783 is a critical-severity Client-Side Enforcement of Server-Side Security (CWE-602) vulnerability in the RustDesk client, published by vendor RustDesk. Its CVSS v3.1 base score is 9.8 (Critical).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation of Remote Services (T1210). The vulnerability is ranked at the 33.5th percentile by exploit likelihood (below the median), it is not currently listed in the CISA KEV catalog, and a public proof-of-concept is referenced.

The strongest mitigations our analysis identified are NIST 800-53 AC-6 (Least Privilege) and SI-10 (Information Input Validation).

Threat & Defense at a Glance

What attackers do: exploitation maps to Exploitation of Remote Services (T1210) and one other technique, Exploitation for Privilege Escalation (T1068). What defenders deploy: see the NIST 800-53 controls recommended below.
Threat & Defense Details

Mitigating Controls (NIST 800-53 r5) (AI-generated)

Prevent (flaw remediation): Timely identification, reporting, and correction of the privilege abuse flaw in RustDesk Client through version 1.4.5 directly prevents exploitation.

Prevent (AC-6, Least Privilege): Enforcing least privilege restricts the scope and impact of privilege abuse resulting from client-side enforcement of server-side security in the signaling and sync modules.

Prevent (SI-10, Information Input Validation): Validating information inputs from the API sync loop, signaling, and config management prevents improper enforcement of behavioral workflow and server-side security on the client.

MITRE ATT&CK Enterprise Techniques (AI-generated)

T1210 Exploitation of Remote Services (Lateral Movement): Adversaries may exploit remote services to gain unauthorized access to internal systems once inside of a network.

T1068 Exploitation for Privilege Escalation (Privilege Escalation): Adversaries may exploit software vulnerabilities in an attempt to elevate privileges.

Why these techniques?

Unauthenticated remote exploitation of the RustDesk client (a remote desktop service) enables full system compromise via privilege abuse, which maps directly to T1210 (Exploitation of Remote Services) and T1068 (Exploitation for Privilege Escalation).

Confidence: MEDIUM · MITRE ATT&CK Enterprise v19.0

NVD Description

A vulnerability in rustdesk-client RustDesk Client rustdesk-client on Windows, macOS, Linux, iOS, Android, WebClient (client signaling, API sync loop, config management modules) allows Privilege Abuse. This vulnerability is associated with program files src/rendezvous_mediator.rs, src/hbbs_http/sync.rs and program routines API sync loop, api-server config handling. This issue affects RustDesk Client: through 1.4.5.

Deeper analysis (AI-generated)

CVE-2026-30783 is a Privilege Abuse vulnerability in the RustDesk Client (rustdesk-client), affecting the software on Windows, macOS, Linux, iOS, Android, and WebClient platforms. The issue resides in the client signaling, API sync loop, and config management modules, specifically associated with source files src/rendezvous_mediator.rs, src/hbbs_http/sync.rs, and program routines handling the API sync loop and api-server config. It impacts RustDesk Client versions through 1.4.5 and carries a CVSS v3.1 base score of 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H), linked to CWE-602 (Client-Side Enforcement of Server-Side Security) and CWE-841 (Improper Enforcement of Behavioral Workflow).

The vulnerability can be exploited by unauthenticated attackers over the network with low attack complexity and no user interaction required. Successful exploitation has high impact on confidentiality, integrity, and availability, potentially leading to full system compromise via privilege abuse on affected clients.

Advisories and documentation on mitigations, including patches, are detailed in the following references: https://docs.google.com/document/d/e/2PACX-1vSds6jjpd38oO_yIAyd1HYtKNUuea-I-ozAPpGhYI7QgAU-QGJ7D8a4rOZVj1vmiUXV1EcdRHf9aZAW/pub, https://rustdesk.com/docs/en/client/, and https://www.vulsec.org/.

Details

CWE(s): CWE-602 (Client-Side Enforcement of Server-Side Security), CWE-841 (Improper Enforcement of Behavioral Workflow)

Affected Products: vendor rustdesk, product rustdesk, versions ≤ 1.4.5

CVEs Like This One

CVE-2026-30793 (same product: Apple iPhone OS)
CVE-2026-30789 (same product: Apple iPhone OS)
CVE-2026-30795 (same product: Apple iPhone OS)
CVE-2026-30794 (same product: Apple iPhone OS)
CVE-2026-30792 (same product: Apple iPhone OS)
CVE-2026-30797 (same product: Apple iPhone OS)
CVE-2026-30791 (same product: Apple iPhone OS)
CVE-2026-30798 (same product: Apple iPhone OS)
CVE-2026-7919 (same product: Apple macOS)
CVE-2026-7967 (same product: Apple macOS)
