Cyber Posture

CVE-2026-30794

High · Public PoC

Published: 05 March 2026

Modified: 25 March 2026
KEV Added
Patch
CVSS Score 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS Score 0.0004 12.4th percentile
Risk Priority 16 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2026-30794 is a high-severity Improper Certificate Validation (CWE-295) vulnerability in RustDesk. Its CVSS base score is 8.1 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Adversary-in-the-Middle (T1557). Its EPSS score places it at the 12.4th percentile for exploit likelihood (below the median), it is not currently listed in the CISA KEV catalog, and a public proof-of-concept is referenced.

The strongest mitigations our analysis identified are NIST 800-53 SC-17 (Public Key Infrastructure Certificates) and SI-2 (Flaw Remediation).

Threat & Defense at a Glance

What attackers do: exploitation maps to Adversary-in-the-Middle (T1557). What defenders deploy: see the NIST 800-53 controls recommended below.

Threat & Defense Details

Mitigating Controls (NIST 800-53 r5) [AI]

prevent

Mandates establishment and validation of PKI certificates, directly preventing acceptance of invalid certificates that enable AiTM attacks in RustDesk's TLS transport.

prevent

Requires timely identification, reporting, and remediation of flaws like improper certificate validation in RustDesk client versions through 1.4.5.

prevent

Enforces cryptographic protection for transmission confidentiality and integrity using properly implemented TLS, addressing the vulnerability's exploitation via intercepted traffic.

MITRE ATT&CK Enterprise Techniques [AI]

T1557 Adversary-in-the-Middle Credential Access
Adversaries may attempt to position themselves between two or more networked devices using an adversary-in-the-middle (AiTM) technique to support follow-on behaviors such as [Network Sniffing](https://attack.

Why these techniques?

The vulnerability description explicitly states it enables Adversary-in-the-Middle (AiTM) attacks via improper certificate validation (danger_accept_invalid_certs) in the TLS client, allowing traffic interception and server impersonation without system-level trust subversion.

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

NVD Description

Improper Certificate Validation vulnerability in rustdesk-client RustDesk Client rustdesk-client on Windows, macOS, Linux, iOS, Android (HTTP API client, TLS transport modules) allows Adversary in the Middle (AiTM). This vulnerability is associated with program files src/hbbs_http/http_client.rs and program routines TLS retry with danger_accept_invalid_certs(true). This issue affects RustDesk Client: through 1.4.5.

Deeper analysis [AI]

CVE-2026-30794 is an Improper Certificate Validation vulnerability (CWE-295) in the RustDesk Client (rustdesk-client), affecting versions through 1.4.5 on Windows, macOS, Linux, iOS, and Android. The flaw exists in the HTTP API client and TLS transport modules, specifically tied to the program file src/hbbs_http/http_client.rs and TLS retry routines that invoke danger_accept_invalid_certs(true). Published on 2026-03-05, it carries a CVSS v3.1 base score of 8.1 (AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H) and enables Adversary-in-the-Middle (AiTM) attacks by failing to properly validate certificates.

An attacker with network access can exploit this vulnerability by intercepting traffic between the RustDesk Client and its server, requiring no privileges or user interaction but demanding high attack complexity, such as manipulating the network path. Successful exploitation allows the adversary to impersonate the server, leading to high impacts on confidentiality, integrity, and availability, including potential interception, modification, or disruption of remote desktop sessions.

Mitigation details are outlined in advisories linked from the following references: https://docs.google.com/document/d/e/2PACX-1vSds6jjpd38oO_yIAyd1HYtKNUuea-I-ozAPpGhYI7QgAU-QGJ7D8a4rOZVj1vmiUXV1EcdRHf9aZAW/pub, https://github.com/rustdesk/rustdesk, and https://www.vulsec.org/.
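
The analysis above ties the flaw to TLS retry routines that call danger_accept_invalid_certs(true). As an added example (not RustDesk's code and not part of the original page), this std-only Rust scanner flags such calls in source text during an audit. The sample input and the names `ClientBuilder`, `build` and `other` are constructed for illustration.

```rust
// Added audit example (not RustDesk code): flag calls that turn off TLS certificate
// validation. Line-based: skips `//` comments, not block comments or `//` in strings.
const NEEDLE: &str = "danger_accept_invalid_certs";

#[derive(Debug, PartialEq)]
pub struct Finding {
    pub line: usize,
    pub arg: String,
}

/// One finding per call whose argument is anything but the literal `false`.
pub fn scan(source: &str) -> Vec<Finding> {
    let mut out = Vec::new();
    for (idx, raw) in source.lines().enumerate() {
        let code = raw.split("//").next().unwrap_or("");
        let mut rest = code;
        while let Some(pos) = rest.find(NEEDLE) {
            rest = &rest[pos + NEEDLE.len()..];
            if let Some(args) = rest.trim_start().strip_prefix('(') {
                let arg = args.split(')').next().unwrap_or("").trim();
                if arg != "false" {
                    out.push(Finding { line: idx + 1, arg: arg.to_string() });
                }
            }
        }
    }
    out
}

// Constructed sample input; `ClientBuilder`, `build` and `other` are hypothetical.
const SAMPLE: &str = r#"
fn build(retry: bool) -> ClientBuilder {
    let b = ClientBuilder::new();
    // retry path used to read: danger_accept_invalid_certs(true)
    if retry {
        return b.danger_accept_invalid_certs(true);
    }
    b.danger_accept_invalid_certs(false)
}
fn other(b: ClientBuilder, skip_verify: bool) -> ClientBuilder {
    b.danger_accept_invalid_certs(skip_verify)
}
"#;

fn main() {
    for f in scan(SAMPLE) {
        println!("line {}: danger_accept_invalid_certs({})", f.line, f.arg);
    }
}
```

A non-literal argument such as `skip_verify` is reported as well, since validation can still be disabled at run time and the call site needs review.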

Details

CWE(s)

Affected Products

rustdesk / rustdesk: ≤ 1.4.5

CVEs Like This One

CVE-2026-30792 - Same product: Apple Iphone Os
CVE-2026-30797 - Same product: Apple Iphone Os
CVE-2026-35560 - Same product: Apple Macos
CVE-2026-30789 - Same product: Apple Iphone Os
CVE-2026-30791 - Same product: Apple Iphone Os
CVE-2026-30798 - Same product: Apple Iphone Os
CVE-2026-30795 - Same product: Apple Iphone Os
CVE-2026-30793 - Same product: Apple Iphone Os
CVE-2026-30783 - Same product: Apple Iphone Os
CVE-2024-49782 - Same product: Linux Linux Kernel

References