Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1336 CNY

100%

rustdesk-client — Vulnerabilities & Security Advisories 10

Browse all 10 CVE security advisories affecting rustdesk-client. AI-powered Chinese analysis, POCs, and references for each vulnerability.

RustDesk-client serves as a remote desktop solution enabling users to access and control devices remotely. Historically, it has faced vulnerabilities across multiple classes, including remote code execution (RCE), cross-site scripting (XSS), privilege escalation, and insecure data handling, with 10 CVEs documented to date. While no major public security incidents have been widely reported, the consistent discovery of vulnerabilities highlights potential risks in remote access functionality. The application's cross-platform nature and network-facing interfaces present attack surfaces that require ongoing security hardening and prompt patching to mitigate exploitation risks.

Top products by rustdesk-client: RustDesk Client
CVE IDTitleCVSSSeverityPublished
CVE-2026-30785 RustDesk Encrypts Local Passwords with World-Readable Machine ID and Fixed Zero Nonce (XSalsa20-Poly1305) — RustDesk ClientCWE-257 6.2 -2026-03-05
CVE-2026-30783 RustDesk Client Can Orphan API Channel to Ignore All Admin Commands and ACL Policies — RustDesk ClientCWE-602 8.8 -2026-03-05
CVE-2026-30789 RustDesk Auth Proof Uses Server-Controlled Salt/Challenge and Fast Double-SHA256, Enabling Offline Brute-Force — RustDesk ClientCWE-916 8.4 -2026-03-05
CVE-2026-30798 RustDesk Client Accepts Unauthenticated stop-service Command via Strategy Payload — RustDesk ClientCWE-345 9.8 -2026-03-05
CVE-2026-30797 RustDesk rustdesk://config/ URI Silently Re-homes Client to Attacker-Controlled Server — RustDesk ClientCWE-862 8.1 -2026-03-05
CVE-2026-30796 RustDesk Client Transmits Preset Address Book Password Verbatim in Heartbeat Sync — RustDesk ClientCWE-522 6.2 -2026-03-05
CVE-2026-30795 RustDesk HTTP Client Silently Accepts Invalid TLS Certificates After Handshake Failure — RustDesk ClientCWE-319 7.5 -2026-03-05
CVE-2026-30793 RustDesk Flutter URI Handler Sets Permanent Password Without Privilege Check or User Confirmation — RustDesk ClientCWE-285 8.8 -2026-03-05
CVE-2026-30792 RustDesk Client Blindly Merges Unauthenticated Strategy Payloads, Bypassing Local Security Settings — RustDesk ClientCWE-345 7.4 -2026-03-05
CVE-2026-30791 RustDesk Client Accepts Pseudo-Encrypted Config Strings Without Cryptographic Validation — RustDesk ClientCWE-327 9.8 -2026-03-05

This page lists every published CVE security advisory associated with rustdesk-client. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.