Cyber Posture

CVE-2026-30797

High · Public PoC

Published: 05 March 2026

Modified: 25 March 2026
KEV Added
Patch
CVSS Score: 8.1 (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H)
EPSS Score: 0.0006 (19.0th percentile)
Risk Priority: 16 (60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2026-30797 is a high-severity Exposed Dangerous Method or Function (CWE-749) vulnerability in RustDesk. Its CVSS base score is 8.1 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Adversary-in-the-Middle (T1557). The CVE ranks at the 19.0th percentile by exploit likelihood (below the median), is not currently listed in the CISA KEV catalog, and has a public proof-of-concept referenced.

The strongest mitigations our analysis identified are NIST 800-53 AC-3 (Access Enforcement) and SC-8 (Transmission Confidentiality and Integrity).

Threat & Defense at a Glance

What attackers do: exploitation maps to Adversary-in-the-Middle (T1557) and 1 other technique. What defenders deploy: see the NIST 800-53 controls recommended below.

Threat & Defense Details

Mitigating Controls (NIST 800-53 r5) · AI

prevent

Enforces approved authorizations to prevent unauthorized access and manipulation of application API messages via the missing authorization in the URI scheme handler and importConfig() routine.

prevent

Protects the confidentiality and integrity of transmitted configuration data over the network to mitigate Man-in-the-Middle interception and manipulation.

prevent

Validates inputs from the URI handler to detect and block manipulated application API messages before they affect the RustDesk client.

MITRE ATT&CK Enterprise Techniques · AI

T1557 Adversary-in-the-Middle · Credential Access
Adversaries may attempt to position themselves between two or more networked devices using an adversary-in-the-middle (AiTM) technique to support follow-on behaviors such as [Network Sniffing](https://attack.
T1565.002 Transmitted Data Manipulation · Impact
Adversaries may alter data en route to storage or other systems in order to manipulate external outcomes or hide activity, thus threatening the integrity of the data.

Why these techniques?

Missing authorization in URI/config handler directly enables MITM-based manipulation of application API messages (T1557 Adversary-in-the-Middle; T1565.002 Transmitted Data Manipulation).

Confidence: MEDIUM · MITRE ATT&CK Enterprise v18.1

NVD Description

Missing Authorization vulnerability in rustdesk-client RustDesk Client rustdesk-client on Windows, MacOS, Linux, iOS, Android (Flutter URI scheme handler, config import modules) allows Application API Message Manipulation via Man-in-the-Middle. This vulnerability is associated with program files flutter/lib/common.Dart and program routines importConfig() via URI handler. This issue affects RustDesk Client: through 1.4.5.

Deeper analysis · AI

CVE-2026-30797 is a Missing Authorization vulnerability in the RustDesk Client (rustdesk-client) on Windows, macOS, Linux, iOS, and Android platforms, affecting versions through 1.4.5. The flaw exists in the Flutter URI scheme handler and config import modules, specifically within the flutter/lib/common.dart file and the importConfig() routine accessed via the URI handler. It enables Application API Message Manipulation through a Man-in-the-Middle attack and carries a CVSS v3.1 base score of 8.1 (AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H), linked to CWE-749 and CWE-862.

The vulnerability can be exploited by remote attackers over the network, requiring high attack complexity but no privileges or user interaction. A successful Man-in-the-Middle interception allows manipulation of Application API messages, resulting in high impacts to confidentiality, integrity, and availability of the affected client.

Mitigation details are outlined in related advisories available at https://docs.google.com/document/d/e/2PACX-1vSds6jjpd38oO_yIAyd1HYtKNUuea-I-ozAPpGhYI7QgAU-QGJ7D8a4rOZVj1vmiUXV1EcdRHf9aZAW/pub, https://rustdesk.com/docs/en/client/, and https://www.vulsec.org/.

Details

CWE(s)

Affected Products

rustdesk
rustdesk
≤ 1.4.5

CVEs Like This One

CVE-2026-30792 · Same product: Apple Iphone Os
CVE-2026-30794 · Same product: Apple Iphone Os
CVE-2026-30789 · Same product: Apple Iphone Os
CVE-2026-30791 · Same product: Apple Iphone Os
CVE-2026-30798 · Same product: Apple Iphone Os
CVE-2026-30795 · Same product: Apple Iphone Os
CVE-2026-30793 · Same product: Apple Iphone Os
CVE-2026-30783 · Same product: Apple Iphone Os
CVE-2025-12725 · Same product: Apple Macos
CVE-2026-35560 · Same product: Apple Macos

References