Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

rustdesk-client — Vulnerabilities & Security Advisories 10

Browse all 10 CVE security advisories affecting rustdesk-client. AI-powered Chinese analysis, POCs, and references for each vulnerability.

RustDesk-client serves as a remote desktop solution enabling users to access and control devices remotely. Historically, it has faced vulnerabilities across multiple classes, including remote code execution (RCE), cross-site scripting (XSS), privilege escalation, and insecure data handling, with 10 CVEs documented to date. While no major public security incidents have been widely reported, the consistent discovery of vulnerabilities highlights potential risks in remote access functionality. The application's cross-platform nature and network-facing interfaces present attack surfaces that require ongoing security hardening and prompt patching to mitigate exploitation risks.

Top products by rustdesk-client: RustDesk Client
CVE IDTitleCVSSSeverityPublished
CVE-2026-30785 RustDesk Encrypts Local Passwords with World-Readable Machine ID and Fixed Zero Nonce (XSalsa20-Poly1305) — RustDesk ClientCWE-257 6.2 -2026-03-05
CVE-2026-30783 RustDesk Client Can Orphan API Channel to Ignore All Admin Commands and ACL Policies — RustDesk ClientCWE-602 8.8 -2026-03-05
CVE-2026-30789 RustDesk Client Generates Auth Proof Without Client-Side Nonce, Enabling Replay Attacks — RustDesk ClientCWE-294 8.4 -2026-03-05
CVE-2026-30798 RustDesk Client Accepts Unauthenticated stop-service Command via Strategy Payload — RustDesk ClientCWE-345 9.8 -2026-03-05
CVE-2026-30797 RustDesk rustdesk://config/ URI Silently Re-homes Client to Attacker-Controlled Server — RustDesk ClientCWE-862 8.1 -2026-03-05
CVE-2026-30795 RustDesk HTTP Client Silently Accepts Invalid TLS Certificates After Handshake Failure — RustDesk ClientCWE-319 7.5 -2026-03-05
CVE-2026-30794 RustDesk HTTP Client Silently Accepts Invalid TLS Certificates After Handshake Failure — RustDesk ClientCWE-295 7.4 -2026-03-05
CVE-2026-30793 RustDesk Flutter URI Handler Sets Permanent Password Without Privilege Check or User Confirmation — RustDesk ClientCWE-285 8.8 -2026-03-05
CVE-2026-30792 RustDesk Client Blindly Merges Unauthenticated Strategy Payloads, Bypassing Local Security Settings — RustDesk ClientCWE-657 7.4 -2026-03-05
CVE-2026-30791 RustDesk Client Accepts Pseudo-Encrypted Config Strings Without Cryptographic Validation — RustDesk ClientCWE-327 9.8 -2026-03-05

This page lists every published CVE security advisory associated with rustdesk-client. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.