CVE-2026-30796
Published: 05 March 2026
Summary
CVE-2026-30796 is a high-severity Cleartext Transmission of Sensitive Information (CWE-319) vulnerability in Rustdesk Rustdesk Server. Its CVSS base score is 8.7 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Network Sniffing (T1040); ranked at the 17.2th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.
The strongest mitigations our analysis identified are NIST 800-53 SC-13 (Cryptographic Protection) and SC-8 (Transmission Confidentiality and Integrity).
Deeper analysis
CVE-2026-30796 is a Cleartext Transmission of Sensitive Information vulnerability (CWE-319) in RustDesk Server Pro (rustdesk-server-pro) versions through 1.7.5, affecting deployments on Windows, macOS, and Linux. The flaw impacts the Address book sync API modules, particularly the closed-source API endpoint handling heartbeat sync and program routines. The Heartbeat API handler accepts the preset-address-book-password in plaintext, enabling sniffing attacks.
The vulnerability has a CVSS v3.1 base score of 7.5 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N), indicating network accessibility with low attack complexity, no privileges or user interaction required, and high confidentiality impact. Any attacker positioned to sniff network traffic between clients and the RustDesk Server Pro can intercept plaintext transmissions of the preset-address-book-password during heartbeat sync or address book synchronization operations.
Mitigation guidance and additional details are available in advisories at the following references: https://docs.google.com/document/d/e/2PACX-1vSds6jjpd38oO_yIAyd1HYtKNUuea-I-ozAPpGhYI7QgAU-QGJ7D8a4rOZVj1vmiUXV1EcdRHf9aZAW/pub, https://rustdesk.com/docs/en/, and https://www.vulsec.org/.
OWASP Top 10 for Web (2025)
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2026-9836
Vulnerability details
Cleartext Transmission of Sensitive Information vulnerability in rustdesk-server-pro RustDesk Server Pro rustdesk-server-pro on Windows, MacOS, Linux (Address book sync API modules) allows Sniffing Attacks. This vulnerability is associated with program files Closed source — API endpoint handling heartbeat sync and…
more
program routines Heartbeat API handler (accepts preset-address-book-password in plaintext). This issue affects RustDesk Server Pro: through 1.7.5.
- CWE(s)
Related Threats
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
Cleartext transmission of preset-address-book-password directly enables passive network sniffing to capture credentials (T1040).
CVEs Like This One
Affected Assets
Mitigating Controls
Mitigating Controls (NIST 800-53 r5) AI
SC-8 mandates cryptographic protection for the confidentiality and integrity of transmitted sensitive information, such as the plaintext preset-address-book-password, directly preventing network sniffing attacks.
SC-13 requires implementation of cryptographic mechanisms to protect against unauthorized disclosure of sensitive data like passwords during transmission over networks.
AC-17 enforces cryptographic mechanisms and usage restrictions for remote access, applicable to RustDesk Server Pro's client-server heartbeat sync API communications carrying sensitive passwords.