CVE-2026-30785 is a vulnerability in RustDesk Client, a remote desktop software, affecting versions through 1.4.5 on Windows, macOS, and Linux platforms. The flaw arises from a combination of improper prototype pollution and weak password hashing mechanisms within critical components such as password_security.Rs, config.Rs, lib.Rs, and machine-uid modules. Prototype pollution (CWE-916) allows attackers to manipulate object prototype attributes, potentially altering program behavior or bypassing security checks. Additionally, the use of password hashes with insufficient computational effort (CWE-323) weakens the protection of stored credentials and encrypted configurations. The affected routines include symmetric_crypt(), encrypt_str_or_original(), decrypt_str_or_original(), get_uuid(), and get_machine_id(), which handle encryption and unique machine identification. This vulnerability enables attackers with low privileges and local access to retrieve embedded sensitive data such as passwords, configuration secrets, or machine identifiers, compromising confidentiality. The CVSS 4.0 score is 8.2 (high severity), reflecting the local attack vector with low complexity but high impact on confidentiality and scope limited to the vulnerable client. No authentication or user interaction is required, but physical or local system access is necessary. No patches are currently linked, and no known exploits have been reported in the wild as of publication.

The vulnerability poses a significant risk to organizations relying on RustDesk Client for remote desktop access and collaboration. Attackers with local access can exploit the flaw to extract sensitive credentials, configuration secrets, and machine identifiers, potentially leading to unauthorized access, lateral movement, or persistent compromise within corporate networks. The exposure of machine unique IDs can facilitate device impersonation or tracking. Since RustDesk is cross-platform and used globally, the impact spans multiple operating systems and environments. Confidentiality breaches may lead to data leakage, compliance violations, and erosion of trust. Although exploitation requires local access, in environments where endpoint security is weak or insider threats exist, the risk is elevated. The lack of user interaction and low attack complexity further increase the threat level. Organizations may face operational disruptions if attackers leverage stolen credentials or configuration data to escalate privileges or disrupt remote access services.

Organizations should monitor RustDesk Client usage and restrict its installation to trusted users and devices. Until an official patch is released, consider the following mitigations: (1) Limit local user privileges to reduce the risk of exploitation; (2) Employ endpoint detection and response (EDR) solutions to detect anomalous access or manipulation of RustDesk files and processes; (3) Encrypt sensitive configuration files and credentials using stronger, computationally intensive hashing algorithms outside of RustDesk's vulnerable modules; (4) Regularly audit and rotate credentials and machine identifiers used by RustDesk; (5) Implement strict access controls and network segmentation to minimize the impact of compromised endpoints; (6) Educate users about the risks of local exploitation and enforce strong endpoint security hygiene; (7) Monitor for updates from RustDesk and apply patches promptly once available; (8) Consider alternative remote desktop solutions if immediate mitigation is not feasible.