CVE-2026-30789 is a critical vulnerability identified in the RustDesk Client, a popular open-source remote desktop software used across multiple platforms including Windows, MacOS, Linux, iOS, and Android. The vulnerability arises from an authentication bypass caused by capture-replay attacks, where an attacker can intercept and reuse valid session IDs to gain unauthorized access. This is facilitated by the use of password hashing functions with insufficient computational effort, weakening the protection of authentication credentials. The affected components include the client login and peer authentication modules, specifically within the source files such as src/client.Rs and routines like hash_password() and login proof construction. The vulnerability allows attackers to bypass authentication without requiring any privileges or user interaction, making it remotely exploitable over the network. The CVSS 4.0 score of 9.3 (critical) reflects the ease of exploitation (network vector, no authentication, no user interaction) and the high impact on confidentiality and integrity, as attackers can hijack sessions and potentially access sensitive remote systems. No patches are currently linked, indicating that users must rely on temporary mitigations until official fixes are released. The vulnerability is classified under CWE-294 (Authentication Bypass) and CWE-916 (Use of Password Hash With Insufficient Computational Effort), highlighting both the replay attack vector and weak cryptographic practices. Given RustDesk’s cross-platform presence and use in remote access scenarios, this vulnerability poses a significant risk to organizations relying on it for secure remote connectivity.

The impact of CVE-2026-30789 is substantial for organizations worldwide that utilize RustDesk Client for remote desktop access. Successful exploitation allows attackers to bypass authentication controls and gain unauthorized access to remote systems without any user interaction or prior credentials. This can lead to exposure of sensitive data, unauthorized control over critical infrastructure, and potential lateral movement within corporate networks. The ability to reuse session IDs undermines session integrity and confidentiality, increasing the risk of persistent unauthorized access. Since RustDesk is used across multiple operating systems and devices, the scope of affected systems is broad, affecting enterprises, SMBs, and individual users alike. The lack of current patches increases the window of exposure, and the critical severity rating underscores the urgency of addressing this vulnerability. Attackers could leverage this flaw to compromise remote support services, internal administrative access, and cloud-hosted environments, potentially causing significant operational disruption and data breaches.

1. Immediately monitor network traffic for signs of session replay attacks, such as repeated session ID usage or unusual authentication patterns. 2. Implement network-level protections like intrusion detection/prevention systems (IDS/IPS) configured to detect and block replayed authentication tokens. 3. Restrict RustDesk client usage to trusted networks and VPNs to reduce exposure to external attackers. 4. Enforce multi-factor authentication (MFA) at the network or gateway level to add an additional layer of security beyond the vulnerable client authentication. 5. Disable or limit session persistence features temporarily until patches are available to reduce replay attack surfaces. 6. Regularly audit and rotate session keys and credentials used by RustDesk clients. 7. Stay informed on official RustDesk updates and apply patches promptly once released. 8. Consider alternative remote desktop solutions with robust authentication mechanisms if immediate patching is not feasible. 9. Educate users about the risks of using RustDesk in untrusted environments and encourage secure usage practices. 10. For organizations with custom RustDesk deployments, review and harden the authentication code, particularly the password hashing and session management implementations.