CVE-2026-30793: CWE-285 in rustdesk-client RustDesk Client
Cross-Site Request Forgery (CSRF) vulnerability in the RustDesk Client (rustdesk-client) on Windows, macOS, Linux, iOS and Android (Flutter URI scheme handler, FFI bridge modules) allows Privilege Escalation. The vulnerability is associated with the program files flutter/lib/common.dart and src/flutter_ffi.rs and with the program routines URI handler for rustdesk://password/ and bind.MainSetPermanentPassword(). This issue affects RustDesk Client through 1.4.5.
AI Analysis
Technical Summary
CVE-2026-30793 is a critical security vulnerability classified under CWE-285 (Improper Authorization) and CWE-352 (Cross-Site Request Forgery) affecting the RustDesk Client, a popular remote desktop application. The vulnerability exists in the Flutter URI scheme handler and Foreign Function Interface (FFI) bridge modules used by RustDesk Client across multiple operating systems, including Windows, macOS, Linux, iOS, and Android. Specifically, the flaw is in the handling of the rustdesk://password/ URI scheme and the bind.MainSetPermanentPassword() routine, which an attacker can exploit to perform unauthorized privilege escalation. Because the vulnerability does not require prior authentication (PR:N) and has low attack complexity (AC:L), an attacker can craft malicious URIs that, when processed by the client, escalate privileges without user consent beyond the initial interaction (UI:P). The vulnerability has a high impact on confidentiality and integrity (VC:H, VI:H), potentially allowing attackers to gain elevated control over the client system or session. The CVSS 4.0 vector reflects network attack vector (AV:N), no privileges required, and user interaction required, with scope change and high impact on confidentiality and integrity. Although no exploits are currently known in the wild, the critical severity and broad platform coverage necessitate immediate attention. The vulnerability affects all versions of RustDesk Client up to and including 1.4.5, and no official patches are listed yet, emphasizing the need for proactive mitigation.
Potential Impact
The impact of CVE-2026-30793 is significant for organizations using RustDesk Client for remote desktop access. Successful exploitation can lead to privilege escalation, allowing attackers to gain unauthorized elevated access to client systems. This can compromise sensitive data confidentiality and integrity, potentially enabling lateral movement within networks, unauthorized data exfiltration, or deployment of further malware. Since RustDesk is cross-platform and used in diverse environments, the vulnerability threatens a wide range of endpoints including desktops and mobile devices. The attack requires user interaction but no prior authentication, increasing the risk of social engineering or phishing-based exploitation. Organizations in sectors such as finance, healthcare, government, and critical infrastructure that rely on RustDesk for remote support or access are particularly at risk. The vulnerability could disrupt business operations, lead to data breaches, and damage organizational reputation if exploited.
Mitigation Recommendations
To mitigate CVE-2026-30793, organizations should immediately monitor for official patches or updates from the RustDesk project and apply them as soon as they become available. Until patches are released, implement strict URI handling policies to restrict or disable processing of rustdesk:// URIs from untrusted sources. Employ endpoint protection solutions that can detect and block suspicious URI scheme invocations or abnormal privilege escalation attempts. Educate users about the risks of interacting with unsolicited links or URIs, especially those related to remote desktop software. Network-level controls such as web filtering and email security gateways should be configured to block or flag messages containing malicious rustdesk:// links. Additionally, consider isolating or limiting RustDesk Client usage to trusted networks and users, and monitor logs for unusual activity related to URI handling or privilege changes. Conduct regular security assessments to identify potential exploitation attempts and ensure that least privilege principles are enforced on client systems.
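The gateway-side filtering recommended above, sketched as an added example (not code from RustDesk or from this advisory's source): it finds rustdesk:// links in a message body, undoing HTML-entity and percent-encoding first, and marks links to the rustdesk://password/ route for blocking. The function names, the block/flag verdicts and the sample messages are assumptions constructed for illustration.

```python
import html
import re
from urllib.parse import unquote, urlsplit

# Any rustdesk:// URI; URI schemes are case-insensitive (RFC 3986).
URI_RE = re.compile(r"rustdesk://[^\s\"'<>)\]]*", re.IGNORECASE)

def normalize(text: str, rounds: int = 3) -> str:
    """Undo HTML-entity and nested percent-encoding that can hide a link."""
    for _ in range(rounds):
        decoded = unquote(html.unescape(text))
        if decoded == text:
            break
        text = decoded
    return text

def classify(uri: str) -> str:
    """'block' for the rustdesk://password/ route named in the advisory, else 'flag'."""
    try:
        # In rustdesk://password/..., "password" parses as the host component.
        host = urlsplit(uri).hostname or ""
    except ValueError:  # malformed authority: keep it visible to an analyst
        return "flag"
    return "block" if host == "password" else "flag"

def scan_message(body: str) -> list[tuple[str, str]]:
    """Return (verdict, uri) for every rustdesk:// link found in a message body."""
    return [(classify(u), u) for u in URI_RE.findall(normalize(body))]

# Constructed sample messages; PLACEHOLDER stands in for whatever follows the route.
SAMPLES = [
    'Click <a href="rustdesk://password/PLACEHOLDER">here</a> to renew support.',
    "Open RUSTDESK%3A%2F%2FPassword%2FPLACEHOLDER to continue",
    "Join via rustdesk://other-action/PLACEHOLDER",  # hypothetical non-password route
    "No links in this message.",
]

if __name__ == "__main__":
    for msg in SAMPLES:
        print(scan_message(msg), "<-", msg)
```

Matching on the decoded text matters because a filter that only looks for the literal string `rustdesk://password/` misses the second sample.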
Affected Countries
United States, Germany, China, India, United Kingdom, Canada, Australia, France, Japan, South Korea
Technical Details
- Data Version: 5.2
- Assigner Short Name: VULSec
- Date Reserved: 2026-03-05T14:13:37.203Z
- CVSS Version: 4.0
- State: PUBLISHED
Threat ID: 69a9a2e4460e1c85dfd87716
Added to database: 3/5/2026, 3:36:04 PM
Last enriched: 3/5/2026, 3:51:16 PM
Last updated: 3/5/2026, 7:05:45 PM