PatchSiren cyber security CVE debrief
CVE-2026-58056 RustDesk CVE debrief
CVE-2026-58056 is a HIGH-severity vulnerability in RustDesk, a remote desktop application. The issue arises from RustDesk's gating of incoming control messages on per-capability flags rather than on the session's authorized connection type. Specifically, a file-transfer session does not clear those flags, allowing a peer with only a valid FileTransfer authorization to inject keyboard and mouse input and access the unguarded screenshot and display-capture handlers. This enables the peer to act outside its granted scope.
- Vendor
- RustDesk
- Product
- Unknown
- CVSS
- HIGH 7.2
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2026-06-28
- Original CVE updated
- 2026-07-18
- Advisory published
- 2026-06-28
- Advisory updated
- 2026-07-18
Who should care
Users and administrators of RustDesk, especially those who use file-transfer sessions, should be aware of this vulnerability. As the vulnerability allows for unauthorized actions, users with high privileges or those who handle sensitive information via RustDesk should prioritize patching.
Technical summary
The vulnerability exists because RustDesk does not properly restrict actions based on session authorization types. In a file-transfer session, the application fails to clear capability flags, which are used to gate incoming control messages. This oversight allows a user with FileTransfer authorization to perform actions that should be restricted, such as injecting keyboard and mouse input, capturing screenshots, and accessing display-capture handlers.
Defensive priority
High
Recommended defensive actions
- Apply patches or updates provided by the vendor to address the vulnerability.
- Restrict the use of file-transfer sessions to only trusted peers.
- Monitor RustDesk sessions for unauthorized actions.
- Consider implementing additional security measures, such as multi-factor authentication or stricter access controls.
- Review compensating controls for exposed systems while remediation is scheduled and verified.
- Check relevant monitoring, detection, and logs for exposed assets that need extra review.
- Track exceptions, retest remediated assets, and close the item only after evidence is documented.
Evidence notes
The CVE record was published on 2026-06-28T02:16:32.860Z and was last modified on 2026-07-18T21:17:03.830Z. The NVD entry is currently Deferred. References include a GitHub repository and a Vulncheck advisory.
Official resources
AI-assisted PatchSiren debrief based on the supplied source corpus. The CVE record was published on 2026-06-28T02:16:32.860Z and has not been modified since then. The NVD entry is currently Deferred.