PatchSiren

PatchSiren cyber security CVE debrief

CVE-2026-58056 RustDesk CVE debrief

CVE-2026-58056 is a HIGH-severity vulnerability in RustDesk, a remote desktop application. The issue arises from RustDesk's gating of incoming control messages on per-capability flags rather than on the session's authorized connection type. Specifically, a file-transfer session does not clear those flags, allowing a peer with only a valid FileTransfer authorization to inject keyboard and mouse input and access the unguarded screenshot and display-capture handlers. This enables the peer to act outside its granted scope.

Vendor
RustDesk
Product
Unknown
CVSS
HIGH 7.2
CISA KEV
Not listed in stored evidence
Original CVE published
2026-06-28
Original CVE updated
2026-07-18
Advisory published
2026-06-28
Advisory updated
2026-07-18

Who should care

Users and administrators of RustDesk, especially those who use file-transfer sessions, should be aware of this vulnerability. As the vulnerability allows for unauthorized actions, users with high privileges or those who handle sensitive information via RustDesk should prioritize patching.

Technical summary

The vulnerability exists because RustDesk does not properly restrict actions based on session authorization types. In a file-transfer session, the application fails to clear capability flags, which are used to gate incoming control messages. This oversight allows a user with FileTransfer authorization to perform actions that should be restricted, such as injecting keyboard and mouse input, capturing screenshots, and accessing display-capture handlers.

Defensive priority

High

Recommended defensive actions

  • Apply patches or updates provided by the vendor to address the vulnerability.
  • Restrict the use of file-transfer sessions to only trusted peers.
  • Monitor RustDesk sessions for unauthorized actions.
  • Consider implementing additional security measures, such as multi-factor authentication or stricter access controls.
  • Review compensating controls for exposed systems while remediation is scheduled and verified.
  • Check relevant monitoring, detection, and logs for exposed assets that need extra review.
  • Track exceptions, retest remediated assets, and close the item only after evidence is documented.

Evidence notes

The CVE record was published on 2026-06-28T02:16:32.860Z and was last modified on 2026-07-18T21:17:03.830Z. The NVD entry is currently Deferred. References include a GitHub repository and a Vulncheck advisory.

Official resources

AI-assisted PatchSiren debrief based on the supplied source corpus. The CVE record was published on 2026-06-28T02:16:32.860Z and has not been modified since then. The NVD entry is currently Deferred.