CVE-2026-30785 is a vulnerability in the RustDesk Client, a remote desktop software, specifically affecting versions through 1.4.5 on Windows, MacOS, and Linux platforms. The flaw arises from a combination of prototype pollution (CWE-916) and weak password hashing mechanisms (CWE-323), along with improper handling of sensitive data embedded within the application’s password security, configuration encryption, and machine UID modules. Key affected source files include hbb_common/src/password_security.Rs, config.Rs, lib.Rs, and machine-uid/src/lib.Rs, with vulnerable routines such as symmetric_crypt(), encrypt_str_or_original(), decrypt_str_or_original(), get_uuid(), and get_machine_id(). Prototype pollution allows attackers to manipulate object prototypes, potentially altering application behavior or bypassing security controls. The use of password hashes with insufficient computational effort means that stored credentials or keys can be more easily brute-forced or recovered. Together, these weaknesses enable an attacker with limited privileges and local access (AV:L, PR:L) to retrieve embedded sensitive data without requiring user interaction (UI:N). The vulnerability has a high scope impact on confidentiality (VC:H) but does not affect integrity or availability. No patches are currently available, and no exploits have been observed in the wild. The vulnerability is assigned a CVSS 4.0 score of 8.2, indicating a high severity threat that demands attention from users of RustDesk Client.

The primary impact of CVE-2026-30785 is unauthorized disclosure of sensitive embedded data within the RustDesk Client application. This can include passwords, encryption keys, machine identifiers, or configuration secrets critical to secure remote desktop operations. If exploited, attackers with local access and limited privileges could escalate their capabilities by harvesting these secrets, potentially enabling lateral movement, privilege escalation, or persistent access within an organization’s network. The vulnerability does not directly affect system integrity or availability but compromises confidentiality, which can lead to further attacks or data breaches. Organizations relying on RustDesk Client for remote access may face increased risk of insider threats or attacks from compromised local accounts. The lack of user interaction requirement and low attack complexity increase the likelihood of exploitation in environments where local access is attainable. Given RustDesk’s cross-platform usage, the impact spans multiple operating systems and diverse environments, including enterprise, government, and critical infrastructure sectors that use remote desktop solutions.

Until an official patch is released, organizations should implement strict local access controls to limit who can execute or interact with RustDesk Client binaries. Employ application whitelisting and endpoint detection to monitor for suspicious activity involving the affected modules. Use strong OS-level user privilege separation and avoid running RustDesk Client with elevated privileges unnecessarily. Regularly audit and rotate any secrets or credentials managed by RustDesk Client to reduce exposure duration. Consider isolating RustDesk Client usage to dedicated, hardened endpoints with limited network access. Monitor logs for unusual access patterns or attempts to exploit prototype pollution or cryptographic weaknesses. Once patches become available, apply them promptly. Additionally, developers and security teams should review the password hashing algorithms and prototype handling logic in the affected source files to ensure they meet current cryptographic and secure coding standards, such as using memory-hard password hashing functions (e.g., Argon2) and safe prototype handling practices.