PatchSiren

PatchSiren cyber security CVE debrief

CVE-2026-30783 rustdesk-client CVE debrief

CVE-2026-30783 is a Privilege Abuse vulnerability affecting RustDesk Client versions up to 1.4.8 across Windows, macOS, Linux, iOS, Android, and WebClient. The issue lies in modules such as Client signaling, API sync loop, and config management, specifically in program files src/rendezvous_mediator.rs and src/hbbs_http/sync.rs. With a CVSS score of 4.8, this medium-severity vulnerability requires local access and low privileges to exploit. Defenders should assess their exposure, prioritize patching, and limit potential abuse.

Vendor: rustdesk-client
Product: Unknown
CVSS: MEDIUM 4.8
CISA KEV: Not listed in stored evidence
Original CVE published: 2026-03-05
Original CVE updated: 2026-06-22
Advisory published: 2026-03-05
Advisory updated: 2026-06-22

Who should care

Organizations using RustDesk Client version 1.4.8 or earlier on Windows, macOS, Linux, iOS, Android, or WebClient should prioritize patching. IT and security teams responsible for managing these platforms must assess their exposure and take immediate action to limit potential privilege abuse.

Technical summary

The vulnerability, CVE-2026-30783, is associated with specific program files and routines in RustDesk Client, including src/rendezvous_mediator.rs and src/hbbs_http/sync.rs, particularly in the API sync loop and config handling. The CVSS vector is CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X, indicating medium severity with a score of 4.8. This vulnerability is classified under CWE-602 and CWE-841.

Defensive priority

Medium priority: exploitation requires local access, but there is potential for privilege escalation. Immediate patching is recommended for exposed systems.

Recommended defensive actions

  • Inventory and assess all systems using RustDesk Client versions up to 1.4.8.
  • Update RustDesk Client to version 1.4.9 or later.
  • Review and limit local privilege escalation paths.
  • Monitor for suspicious API sync loop and config handling activities.
  • Implement compensating controls for high-risk systems.
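
The inventory step above, as an added example that is not part of the original debrief or of RustDesk: it triages a software inventory against the 1.4.8 / 1.4.9 thresholds stated on this page. The CSV columns, hostnames and sample versions are constructed, and treating a suffixed build such as 1.3.9-2 as its base release is an assumption.

```python
import csv
import io
import re

# Threshold taken from the debrief: affected up to 1.4.8, update to 1.4.9 or later.
LAST_AFFECTED = (1, 4, 8)

# Constructed sample inventory (hostnames and versions are illustrative).
SAMPLE_INVENTORY = """host,platform,rustdesk_version
ws-014,Windows,1.4.8
mbp-22,macOS,v1.4.9
build-03,Linux,1.4.10
kiosk-7,Android,1.3.9-2
lab-11,Linux,nightly
"""

# Optional leading "v", three numeric fields, optional "-suffix" or "+suffix".
_VERSION_RE = re.compile(r"^v?(\d+)\.(\d+)\.(\d+)(?:[-+].*)?$")


def parse_version(text):
    """Return (major, minor, patch), or None if the string is not a release version."""
    m = _VERSION_RE.match(text.strip())
    return tuple(int(p) for p in m.groups()) if m else None


def classify(version_text):
    """Map a reported version to 'affected', 'updated' or 'review'."""
    parsed = parse_version(version_text)
    if parsed is None:
        return "review"  # unparseable: flag for manual review, never assume safe
    # Tuple comparison is numeric, so 1.4.10 sorts after 1.4.9;
    # a plain string comparison would wrongly put it before 1.4.8.
    return "affected" if parsed <= LAST_AFFECTED else "updated"


def triage(inventory_csv):
    """Return {status: [hosts]} for a CSV with host and rustdesk_version columns."""
    result = {"affected": [], "updated": [], "review": []}
    for row in csv.DictReader(io.StringIO(inventory_csv)):
        result[classify(row["rustdesk_version"])].append(row["host"])
    return result


if __name__ == "__main__":
    for status, hosts in triage(SAMPLE_INVENTORY).items():
        print(f"{status:9} {', '.join(hosts) or '-'}")
```

Hosts in the "review" bucket reported a version string that could not be parsed and need a manual check before they are counted as updated.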

Evidence notes

The primary evidence for this vulnerability comes from the NVD and CVE.org records. The vulnerability affects RustDesk Client up to version 1.4.8 across multiple platforms. Defenders should verify their system configurations and review official advisories for accurate details.

Official resources

This AI-assisted debrief is based on the supplied source corpus and generated on [current date].