Cyber Posture

CVE-2026-30792

High · Public PoC

Published: 05 March 2026

Modified: 25 March 2026
KEV Added
Patch
CVSS Score: 8.1 (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H)
EPSS Score: 0.0007 (20.5th percentile)
Risk Priority: 16 (60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2026-30792 is a high-severity Violation of Secure Design Principles (CWE-657) vulnerability in RustDesk. Its CVSS base score is 8.1 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Adversary-in-the-Middle (T1557). The CVE ranks at the 20.5th percentile by exploit likelihood (below the median), it is not currently listed in the CISA KEV catalog, and a public proof-of-concept is referenced.

The strongest mitigations our analysis identified are NIST 800-53 SC-8 (Transmission Confidentiality and Integrity) and SI-2 (Flaw Remediation).

Threat & Defense at a Glance

What attackers do: exploitation maps to Adversary-in-the-Middle (T1557) and 1 other technique. What defenders deploy: see the NIST 800-53 controls recommended below.
Threat & Defense Details

Mitigating Controls (NIST 800-53 r5) · AI

prevent

Protects the confidentiality and integrity of HTTP API messages in RustDesk Client's strategy sync and config options modules against Man-in-the-Middle manipulation.

prevent

Remediates the specific vulnerability in src/hbbs_http/sync.rs and hbb_common/src/config.rs by identifying, reporting, and applying patches to affected RustDesk Client versions through 1.4.5.

prevent

Ensures authenticity of communication sessions for the HTTP API client, mitigating interception and manipulation of strategy merge loop and Config::set_options() routines.

MITRE ATT&CK Enterprise Techniques · AI

T1557 Adversary-in-the-Middle Credential Access
Adversaries may attempt to position themselves between two or more networked devices using an adversary-in-the-middle (AiTM) technique to support follow-on behaviors such as [Network Sniffing](https://attack.
T1565.002 Transmitted Data Manipulation Impact
Adversaries may alter data en route to storage or other systems in order to manipulate external outcomes or hide activity, thus threatening the integrity of the data.
Why these techniques?

This CVE enables MITM-based tampering with HTTP API messages (strategy sync/config) due to missing validation in sync.rs and set_options, which maps directly to Adversary-in-the-Middle and transmitted data manipulation.

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

NVD Description

A vulnerability in rustdesk-client RustDesk Client rustdesk-client on Windows, MacOS, Linux, iOS, Android, WebClient (Strategy sync, HTTP API client, config options engine modules) allows Application API Message Manipulation via Man-in-the-Middle. This vulnerability is associated with program files src/hbbs_http/sync.Rs, hbb_common/src/config.Rs and program routines Strategy merge loop in sync.Rs, Config::set_options(). This issue affects RustDesk Client: through 1.4.5.

Deeper analysis · AI

CVE-2026-30792 is a vulnerability in the RustDesk Client (rustdesk-client) that enables Application API Message Manipulation via a Man-in-the-Middle attack. It affects the client across Windows, macOS, Linux, iOS, Android, and WebClient platforms, targeting the Strategy sync, HTTP API client, and config options engine modules. The flaw is associated with source files src/hbbs_http/sync.rs and hbb_common/src/config.rs, as well as routines such as the Strategy merge loop in sync.rs and Config::set_options(). This issue impacts RustDesk Client versions through 1.4.5 and carries a CVSS v3.1 base score of 8.1 (AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H), mapped to CWE-657.

The vulnerability can be exploited by an attacker positioned to perform a Man-in-the-Middle interception on the network path to the RustDesk server. No privileges or user interaction are required, though exploitation demands high attack complexity, consistent with establishing and maintaining a MITM position. Successful manipulation of API messages in strategy sync or config options can result in high-impact effects on confidentiality, integrity, and availability.

Advisories and documentation on mitigation are available at the following references: https://docs.google.com/document/d/e/2PACX-1vSds6jjpd38oO_yIAyd1HYtKNUuea-I-ozAPpGhYI7QgAU-QGJ7D8a4rOZVj1vmiUXV1EcdRHf9aZAW/pub, https://rustdesk.com/docs/en/self-host/client-configuration/advanced-settings/, and https://www.vulsec.org/.

Details

CWE(s): CWE-657

Affected Products

Vendor: rustdesk · Product: rustdesk · Versions: ≤ 1.4.5

CVEs Like This One

CVE-2026-30797 · Same product: Apple Iphone Os
CVE-2026-30794 · Same product: Apple Iphone Os
CVE-2026-30789 · Same product: Apple Iphone Os
CVE-2026-30791 · Same product: Apple Iphone Os
CVE-2026-30798 · Same product: Apple Iphone Os
CVE-2026-30795 · Same product: Apple Iphone Os
CVE-2026-30793 · Same product: Apple Iphone Os
CVE-2026-30783 · Same product: Apple Iphone Os
CVE-2025-12725 · Same product: Apple Macos
CVE-2026-35560 · Same product: Apple Macos

References