CVE-2026-30791 identifies a critical cryptographic vulnerability in the RustDesk Client, a remote desktop software used across multiple platforms including Windows, MacOS, Linux, iOS, Android, and WebClient. The vulnerability stems from the use of broken or risky cryptographic algorithms (CWE-327) within the client’s codebase, specifically in the modules flutter/lib/common.Dart and hbb_common/src/config.Rs. The affected functions parseRustdeskUri() and importConfig() handle configuration import and URI scheme processing, which embed sensitive data in a manner susceptible to unauthorized retrieval. Because the cryptographic protections are weak or flawed, attackers can exploit this to extract sensitive embedded configuration data without any authentication or user interaction, posing a significant confidentiality risk. The vulnerability is present in all versions up to and including 1.4.5. The CVSS 4.0 vector (AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N) indicates that the attack can be performed remotely over the network with low complexity and no privileges or user interaction required, resulting in high confidentiality impact. Although no known exploits have been reported in the wild, the nature of the vulnerability and its broad platform coverage make it a critical concern for users of RustDesk Client. The vulnerability also relates to CWE-684 (Incorrect Control of a Resource Through its Lifetime), suggesting potential issues with how sensitive data is managed or cleared in memory. No official patches have been linked yet, so mitigation relies on configuration changes or vendor updates once available.

The vulnerability allows attackers to remotely retrieve embedded sensitive data from RustDesk Client installations without authentication or user interaction. This can lead to exposure of confidential configuration details, potentially including credentials, session tokens, or other secrets embedded in configuration files or URIs. Such data leakage can facilitate further attacks such as unauthorized access to remote desktop sessions, lateral movement within networks, or compromise of connected systems. Given RustDesk’s use in remote access scenarios across diverse platforms, the impact spans confidentiality breaches that could undermine organizational security postures globally. The broad platform support increases the attack surface, affecting desktops, mobile devices, and web clients. Organizations relying on RustDesk for remote access or support risk data exposure and subsequent operational disruption or data breaches if this vulnerability is exploited. The lack of required privileges or user interaction lowers the barrier for attackers, increasing the likelihood of exploitation once a public exploit emerges.

1. Immediately monitor RustDesk Client vendor communications for official patches addressing CVE-2026-30791 and apply updates promptly once available. 2. Until patches are released, restrict RustDesk Client usage to trusted networks and users to minimize exposure. 3. Review and limit configuration import and URI scheme handling features where possible, disabling or restricting these functions to reduce attack vectors. 4. Implement network-level controls such as firewall rules or VPN segmentation to limit external access to RustDesk Client services. 5. Conduct thorough audits of embedded configuration data to identify and remove sensitive information that could be exposed. 6. Employ endpoint detection and response (EDR) solutions to monitor for suspicious activities related to RustDesk Client processes. 7. Educate users and administrators about the risks of importing untrusted configurations or URIs. 8. Consider alternative remote desktop solutions with stronger cryptographic implementations until this issue is resolved. 9. Regularly review cryptographic practices in internal applications to avoid similar weaknesses.