Cyber Resilience

CVE-2026-30795

HighPublic PoC

Published: 05 March 2026

Published
05 March 2026
Modified
25 March 2026
KEV Added
Patch
CVSS Score v4 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
EPSS Score 0.0027 18.5th percentile
Risk Priority 55 floored blend · peak EPSS

Summary

CVE-2026-30795 is a high-severity Cleartext Transmission of Sensitive Information (CWE-319) vulnerability in Rustdesk Rustdesk. Its CVSS base score is 8.7 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Network Sniffing (T1040); ranked at the 18.5th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.

The strongest mitigations our analysis identified are NIST 800-53 SC-13 (Cryptographic Protection) and SC-8 (Transmission Confidentiality and Integrity).

Deeper analysis

CVE-2026-30795 is a Cleartext Transmission of Sensitive Information vulnerability (CWE-319) in the RustDesk Client (rustdesk-client), affecting versions through 1.4.5 on Windows, macOS, Linux, iOS, and Android. The flaw occurs in the Heartbeat sync loop modules, specifically within the program file src/hbbs_http/sync.rs and the Heartbeat JSON payload construction routines involving the preset-address-book-password, enabling sniffing attacks on transmitted data.

The vulnerability carries a CVSS v3.1 base score of 7.5 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N), indicating it can be exploited remotely over the network with low complexity, no privileges, and no user interaction. Unauthenticated attackers positioned to sniff network traffic can intercept cleartext sensitive information, such as passwords embedded in heartbeat JSON payloads, leading to high confidentiality impact without affecting integrity or availability.

Advisories and patch information are available in the referenced sources, including a detailed pub document at https://docs.google.com/document/d/e/2PACX-1vSds6jjpd38oO_yIAyd1HYtKNUuea-I-ozAPpGhYI7QgAU-QGJ7D8a4rOZVj1vmiUXV1EcdRHf9aZAW/pub, the RustDesk GitHub repository at https://github.com/rustdesk/rustdesk, and https://www.vulsec.org/. Security practitioners should review these for upgrade guidance to versions beyond 1.4.5 and any interim mitigations.

OWASP Top 10 for Web (2025)

EU & UK References

Vulnerability details

Cleartext Transmission of Sensitive Information vulnerability in rustdesk-client RustDesk Client rustdesk-client on Windows, MacOS, Linux, iOS, Android (Heartbeat sync loop modules) allows Sniffing Attacks. This vulnerability is associated with program files src/hbbs_http/sync.Rs and program routines Heartbeat JSON payload construction (preset-address-book-password).…

more

This issue affects RustDesk Client: through 1.4.5.

CWE(s)

Related Threats

MITRE ATT&CK Enterprise TechniquesAI

T1040 Network Sniffing Credential Access
Adversaries may passively sniff network traffic to capture information about an environment, including authentication material passed over the network.
Why these techniques?

Cleartext transmission of credentials (passwords) in heartbeat JSON payloads directly enables passive network sniffing to capture authentication material (T1040).

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

CVEs Like This One

CVE-2026-30796Same product: Apple Macos
CVE-2026-30792Same product: Apple Iphone Os
CVE-2026-30783Same product: Apple Iphone Os
CVE-2026-30798Same product: Apple Iphone Os
CVE-2026-30794Same product: Apple Iphone Os
CVE-2026-30789Same product: Apple Iphone Os
CVE-2026-30793Same product: Apple Iphone Os
CVE-2026-30797Same product: Apple Iphone Os
CVE-2026-30791Same product: Apple Iphone Os
CVE-2025-69272Same product: Linux Linux Kernel

Affected Assets

rustdesk
rustdesk
≤ 1.4.5

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

Requires protection of the confidentiality of transmitted information, directly preventing sniffing attacks on cleartext sensitive data like preset-address-book-password in RustDesk heartbeat JSON payloads.

prevent

Mandates timely remediation of system flaws, ensuring vulnerabilities like cleartext transmission in RustDesk client through version 1.4.5 are patched to eliminate the exposure.

prevent

Implements cryptographic mechanisms to protect confidentiality of information during transmission, mitigating the cleartext heartbeat sync vulnerability in src/hbbs_http/sync.rs.

References