CVE-2026-30791: CWE-327 Use of a Broken or Risky Cryptographic Algorithm in rustdesk-client RustDesk Client
Use of a Broken or Risky Cryptographic Algorithm vulnerability in RustDesk Client (rustdesk-client) on Windows, macOS, Linux, iOS, Android, WebClient (Config import, URI scheme handler, CLI --config modules) allows Retrieve Embedded Sensitive Data. This vulnerability is associated with program files flutter/lib/common.dart, hbb_common/src/config.rs and program routines parseRustdeskUri(), importConfig(). This issue affects RustDesk Client: through 1.4.5.
AI Analysis
Technical Summary
CVE-2026-30791 identifies a vulnerability in the RustDesk Client, a remote desktop application, caused by the use of broken or risky cryptographic algorithms (CWE-327) combined with potential resource exhaustion or memory corruption issues (CWE-684). The affected versions, up to 1.4.5, span multiple platforms including Windows, macOS, Linux, iOS, Android, and WebClient. The vulnerability resides in the configuration import and URI scheme processing modules, specifically within the parseRustdeskUri() and importConfig() functions. These components use cryptographic methods that are considered insecure or deprecated, which makes it possible for attackers to retrieve embedded sensitive data such as configuration secrets or credentials. The vulnerability requires no privileges or user interaction and is exploitable remotely over the network, as indicated by the CVSS vector (AV:N/AC:L/PR:N/UI:N). The impact is high on confidentiality, with no direct effect on integrity or availability. The flaw is present in key source files flutter/lib/common.dart and hbb_common/src/config.rs, suggesting a cross-language implementation issue. Although no public exploits are currently known, the vulnerability poses a significant risk due to the critical nature of the data exposed and the ease of exploitation. The lack of patches at the time of reporting necessitates immediate attention from RustDesk users and developers to remediate or mitigate the issue.
Potential Impact
The primary impact of CVE-2026-30791 is the unauthorized disclosure of embedded sensitive data within the RustDesk Client application. This can lead to compromise of user credentials, configuration secrets, or other confidential information that attackers can leverage to gain unauthorized access to remote desktop sessions or escalate privileges. Since the vulnerability is exploitable remotely without authentication or user interaction, it significantly increases the attack surface for threat actors. Organizations relying on RustDesk for remote access may face data breaches, unauthorized system access, and potential lateral movement within their networks. The exposure of sensitive configuration data could also facilitate further attacks such as man-in-the-middle, session hijacking, or persistent access. Given RustDesk’s cross-platform presence, the impact spans diverse environments including enterprise desktops, mobile devices, and web clients, amplifying the risk. The vulnerability undermines trust in the cryptographic protections of the client, potentially affecting compliance with data protection regulations and increasing liability. Although no active exploitation is reported, the high CVSS score reflects the critical nature of the threat if weaponized.
Mitigation Recommendations
1. Immediate mitigation involves disabling or restricting the use of the vulnerable configuration import and URI scheme features until patches are released.
2. Monitor RustDesk official channels for security updates and apply patches promptly once available.
3. Implement network-level controls such as firewall rules or intrusion detection systems to limit exposure of RustDesk client services to untrusted networks.
4. Conduct thorough audits of existing RustDesk configurations to identify and remove embedded sensitive data where feasible.
5. Employ application-layer encryption or VPN tunnels to add an additional layer of protection around remote desktop communications.
6. Educate users on the risks of importing untrusted configuration files or clicking on suspicious URI schemes related to RustDesk.
7. Consider alternative remote desktop solutions with stronger cryptographic assurances if immediate patching is not possible.
8. Use endpoint detection and response (EDR) tools to detect anomalous activities that may indicate exploitation attempts.
9. Review and tighten access controls and authentication mechanisms around remote desktop infrastructure to limit potential damage from data exposure.
10. Engage in threat hunting and log analysis to detect any signs of exploitation attempts targeting this vulnerability.
Affected Countries
United States, Germany, China, Japan, South Korea, United Kingdom, Canada, France, Australia, India
Technical Details
- Data Version: 5.2
- Assigner Short Name: VULSec
- Date Reserved: 2026-03-05T14:13:37.203Z
- Cvss Version: 4.0
- State: PUBLISHED
Threat ID: 69a99d83d9f976b5b5c65c44
Added to database: 3/5/2026, 3:13:07 PM
Last enriched: 3/12/2026, 8:24:43 PM
Last updated: 4/19/2026, 9:28:23 PM