Cyber Resilience

CVE-2026-30796

HighPublic PoC

Published: 05 March 2026

Published
05 March 2026
Modified
25 March 2026
KEV Added
Patch
CVSS Score v4 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
EPSS Score 0.0026 17.2th percentile
Risk Priority 55 floored blend · peak EPSS

Summary

CVE-2026-30796 is a high-severity Cleartext Transmission of Sensitive Information (CWE-319) vulnerability in Rustdesk Rustdesk Server. Its CVSS base score is 8.7 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Network Sniffing (T1040); ranked at the 17.2th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.

The strongest mitigations our analysis identified are NIST 800-53 SC-13 (Cryptographic Protection) and SC-8 (Transmission Confidentiality and Integrity).

Deeper analysis

CVE-2026-30796 is a Cleartext Transmission of Sensitive Information vulnerability (CWE-319) in RustDesk Server Pro (rustdesk-server-pro) versions through 1.7.5, affecting deployments on Windows, macOS, and Linux. The flaw impacts the Address book sync API modules, particularly the closed-source API endpoint handling heartbeat sync and program routines. The Heartbeat API handler accepts the preset-address-book-password in plaintext, enabling sniffing attacks.

The vulnerability has a CVSS v3.1 base score of 7.5 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N), indicating network accessibility with low attack complexity, no privileges or user interaction required, and high confidentiality impact. Any attacker positioned to sniff network traffic between clients and the RustDesk Server Pro can intercept plaintext transmissions of the preset-address-book-password during heartbeat sync or address book synchronization operations.

Mitigation guidance and additional details are available in advisories at the following references: https://docs.google.com/document/d/e/2PACX-1vSds6jjpd38oO_yIAyd1HYtKNUuea-I-ozAPpGhYI7QgAU-QGJ7D8a4rOZVj1vmiUXV1EcdRHf9aZAW/pub, https://rustdesk.com/docs/en/, and https://www.vulsec.org/.

OWASP Top 10 for Web (2025)

EU & UK References

Vulnerability details

Cleartext Transmission of Sensitive Information vulnerability in rustdesk-server-pro RustDesk Server Pro rustdesk-server-pro on Windows, MacOS, Linux (Address book sync API modules) allows Sniffing Attacks. This vulnerability is associated with program files Closed source — API endpoint handling heartbeat sync and…

more

program routines Heartbeat API handler (accepts preset-address-book-password in plaintext). This issue affects RustDesk Server Pro: through 1.7.5.

CWE(s)

Related Threats

MITRE ATT&CK Enterprise TechniquesAI

T1040 Network Sniffing Credential Access
Adversaries may passively sniff network traffic to capture information about an environment, including authentication material passed over the network.
Why these techniques?

Cleartext transmission of preset-address-book-password directly enables passive network sniffing to capture credentials (T1040).

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

CVEs Like This One

CVE-2026-30795Same product: Apple Macos
CVE-2026-3598Same product: Apple Macos
CVE-2026-30790Same product: Apple Macos
CVE-2025-69272Same product: Linux Linux Kernel
CVE-2025-13718Same product: Linux Linux Kernel
CVE-2025-69271Same product: Linux Linux Kernel
CVE-2024-44276Same vendor: Apple
CVE-2026-23661Same vendor: Microsoft
CVE-2026-42899Same product: Apple Macos
CVE-2026-21218Same product: Apple Macos

Affected Assets

rustdesk
rustdesk server
≤ 1.7.5

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

SC-8 mandates cryptographic protection for the confidentiality and integrity of transmitted sensitive information, such as the plaintext preset-address-book-password, directly preventing network sniffing attacks.

prevent

SC-13 requires implementation of cryptographic mechanisms to protect against unauthorized disclosure of sensitive data like passwords during transmission over networks.

AC-17 Remote Access partial match
prevent

AC-17 enforces cryptographic mechanisms and usage restrictions for remote access, applicable to RustDesk Server Pro's client-server heartbeat sync API communications carrying sensitive passwords.

References