CVE-2026-30794: CWE-295 Improper Certificate Validation in rustdesk-client RustDesk Client
CVE-2026-30794 is a critical vulnerability in RustDesk Client versions up to 1.4.5 affecting Windows, macOS, Linux, iOS, and Android. It stems from improper certificate validation in the HTTP API client and TLS transport modules, specifically due to the use of a TLS retry mechanism that dangerously accepts invalid certificates. This flaw enables an adversary to perform man-in-the-middle (MitM) attacks, potentially intercepting or manipulating encrypted communications without user interaction or authentication. The vulnerability has a high CVSS score of 9.1, reflecting its ease of exploitation and severe impact on confidentiality and integrity. No known exploits are currently reported in the wild. Organizations using RustDesk Client for remote desktop or file transfer should prioritize patching or applying mitigations to prevent interception of sensitive data. The threat is relevant globally and especially critical in countries with high adoption of RustDesk or where remote work infrastructure is vital.
AI Analysis
Technical Summary
CVE-2026-30794 is a critical security vulnerability identified in the RustDesk Client, remote desktop software used across multiple platforms including Windows, macOS, Linux, iOS, and Android. The vulnerability arises from improper certificate validation (CWE-295) within the HTTP API client and TLS transport modules of the RustDesk Client, specifically in the source file src/hbbs_http/http_client.rs. The issue is linked to the TLS retry mechanism that uses the setting danger_accept_invalid_certs(true), which bypasses proper TLS certificate validation. This flaw allows an adversary positioned as a man-in-the-middle (MitM) to intercept, decrypt, or manipulate encrypted communications between the client and server without requiring user interaction or authentication. The vulnerability affects all versions of RustDesk Client up to and including 1.4.5. The CVSS v4.0 base score is 9.1 (critical), reflecting network attack vector, low attack complexity, no privileges or user interaction required, and high impact on confidentiality and integrity. Although no exploits are currently known in the wild, the vulnerability poses a significant risk due to the widespread use of RustDesk for remote access and file sharing. The improper validation undermines the fundamental trust model of TLS, exposing sensitive data and potentially allowing attackers to inject malicious payloads or commands. The vulnerability is particularly concerning given the cross-platform nature of the client and its use in enterprise and personal remote access scenarios.
Potential Impact
The impact of CVE-2026-30794 is severe for organizations worldwide relying on RustDesk Client for remote desktop access and secure communications. Successful exploitation enables adversaries to perform man-in-the-middle attacks, compromising the confidentiality and integrity of data transmitted over TLS. This can lead to unauthorized data disclosure, credential theft, session hijacking, and injection of malicious commands or malware. Since the vulnerability requires no authentication or user interaction, attackers can exploit it remotely and silently, increasing the risk of widespread compromise. Enterprises using RustDesk for sensitive operations, including IT support, remote work, and file transfers, face heightened exposure to espionage, data breaches, and operational disruptions. The cross-platform nature of the client means that endpoints across diverse environments are vulnerable, complicating incident response and containment. Additionally, the lack of known patches or exploits in the wild suggests that attackers may develop exploits rapidly once the vulnerability is widely known, emphasizing the urgency of mitigation. Overall, this vulnerability threatens the trustworthiness of encrypted communications and could undermine organizational security postures globally.
Mitigation Recommendations
To mitigate CVE-2026-30794, organizations should immediately audit their RustDesk Client deployments and upgrade to a patched version once available. In the absence of an official patch, administrators should disable or avoid using the TLS retry mechanism that accepts invalid certificates (danger_accept_invalid_certs(true)) in the client configuration or source code. Enforcing strict certificate validation policies is critical to prevent acceptance of untrusted or self-signed certificates. Network-level protections such as TLS interception detection, anomaly-based intrusion detection systems, and strict firewall rules can help identify and block MitM attempts. Organizations should also monitor network traffic for unusual TLS handshake failures or certificate warnings. Employing endpoint detection and response (EDR) tools can assist in detecting exploitation attempts. User awareness training should emphasize the risks of untrusted network environments, especially when using remote access tools. Finally, organizations should consider alternative secure remote access solutions with robust certificate validation until RustDesk Client patches this vulnerability. Regular vulnerability scanning and penetration testing focused on TLS security will help ensure ongoing protection.
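One way to carry out the source-code audit recommended above, as an added example that is not RustDesk code or part of the original advisory: a std-only Rust scanner that reports where `danger_accept_invalid_certs` or `danger_accept_invalid_hostnames` is called with anything other than `false`. The sample input is constructed, and `allow_insecure` in it is a hypothetical variable name.

```rust
// Added audit sketch (std only): flags builder calls that disable TLS validation.
#[derive(Debug, PartialEq)]
pub enum Risk {
    Disabled,    // literal `true`: validation is always off on this path
    Conditional, // non-literal argument: can be switched off at runtime, review it
}
#[derive(Debug, PartialEq)]
pub struct Finding { pub line: usize, pub method: &'static str, pub risk: Risk }

const METHODS: [&str; 2] = ["danger_accept_invalid_certs", "danger_accept_invalid_hostnames"];

pub fn audit(source: &str) -> Vec<Finding> {
    let mut findings = Vec::new();
    for (idx, raw) in source.lines().enumerate() {
        // Drop line comments; limitation: `//` inside a string literal also truncates.
        let code = raw.split("//").next().unwrap_or("");
        for method in METHODS {
            let mut rest = code;
            while let Some(pos) = rest.find(method) {
                rest = &rest[pos + method.len()..];
                // A call needs `(` next (whitespace allowed); otherwise skip the match.
                let args = match rest.trim_start().strip_prefix('(') {
                    Some(a) => a,
                    None => continue,
                };
                let risk = match args.split(')').next().unwrap_or("").trim() {
                    "false" => continue,
                    "true" => Risk::Disabled,
                    _ => Risk::Conditional,
                };
                findings.push(Finding { line: idx + 1, method, risk });
            }
        }
    }
    findings
}

// Constructed sample, not RustDesk source; `allow_insecure` is hypothetical.
pub const SAMPLE: &str = r#"
fn client(retry: bool) -> reqwest::Client {
    // b.danger_accept_invalid_certs(true)  (commented out: ignored)
    let b = reqwest::Client::builder().danger_accept_invalid_hostnames(false);
    let b = if retry { b.danger_accept_invalid_certs(true) } else { b };
    b.danger_accept_invalid_certs (allow_insecure).build().unwrap()
}
"#;

fn main() {
    for f in audit(SAMPLE) { println!("line {}: {} -> {:?}", f.line, f.method, f.risk); }
}
```

A `Conditional` finding is the one to trace by hand: it marks a path where validation depends on a runtime value, as a retry fallback would.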
Affected Countries
United States, Germany, United Kingdom, Canada, Australia, France, Japan, South Korea, India, Brazil, Netherlands, Sweden, Singapore
Technical Details
- Data Version: 5.2
- Assigner Short Name: VULSec
- Date Reserved: 2026-03-05T14:13:37.203Z
- Cvss Version: 4.0
- State: PUBLISHED
Threat ID: 69a9a2e4460e1c85dfd8771a
Added to database: 3/5/2026, 3:36:04 PM
Last enriched: 3/5/2026, 3:50:55 PM
Last updated: 3/5/2026, 5:07:20 PM
Related Threats
- CVE-2026-30785: CWE-257 in rustdesk-client RustDesk Client (High)
- CVE-2026-30784: CWE-862 Missing Authorization in rustdesk-server RustDesk Server (High)
- CVE-2026-30783: CWE-602 in rustdesk-client RustDesk Client (High)
- CVE-2026-30795: CWE-319 Cleartext Transmission of Sensitive Information in rustdesk-client RustDesk Client (High)
- CVE-2026-30793: CWE-285 in rustdesk-client RustDesk Client (Critical)