CVE-2026-30794: CWE-295 Improper Certificate Validation in rustdesk-client RustDesk Client
Improper Certificate Validation vulnerability in RustDesk Client (rustdesk-client) on Windows, macOS, Linux, iOS, Android (HTTP API client, TLS transport modules) allows Adversary in the Middle (AiTM). This vulnerability is associated with program file src/hbbs_http/http_client.rs and program routine TLS retry with danger_accept_invalid_certs(true). This issue affects RustDesk Client: through 1.4.5.
AI Analysis (machine-generated threat intelligence)
Technical Summary
CVE-2026-30794 is a critical vulnerability classified under CWE-295 (Improper Certificate Validation) in the RustDesk Client through version 1.4.5 on Windows, macOS, Linux, iOS, and Android. It lies in the client's HTTP API client and TLS transport modules, specifically the source file src/hbbs_http/http_client.rs: the TLS retry path calls danger_accept_invalid_certs(true), which turns off certificate validation for the retried handshake. A certificate that the first attempt correctly rejects is therefore accepted on the retry, so an adversary-in-the-middle (AiTM) between the client and its servers or peers can intercept, decrypt, and potentially manipulate communication that should have been protected by TLS. No authentication or user interaction is required, which makes exploitation easier and more dangerous. The CVSS v4.0 score of 9.1 reflects a network attack vector, low attack complexity, no privileges or user interaction required, and high impact on confidentiality and integrity. No exploitation in the wild has been reported, but the flaw puts the confidentiality and integrity of remote desktop sessions conducted via RustDesk at significant risk. No patch link is provided, which suggests a fix is pending or not yet public and makes immediate mitigation important. Every RustDesk user who relies on TLS for these connections is affected, with sensitive data and session control potentially exposed to attackers.
Potential Impact
The impact of CVE-2026-30794 is severe for organizations worldwide that use RustDesk for remote desktop access and management. Successful exploitation allows adversaries to perform man-in-the-middle attacks, intercepting and decrypting sensitive communications without detection. This compromises the confidentiality of data transmitted during remote sessions, including credentials, files, and commands. Integrity is also at risk, as attackers could alter session data or inject malicious commands, potentially leading to unauthorized system control or data corruption. The vulnerability affects multiple operating systems, broadening the attack surface and increasing the scope of affected systems. Since no authentication or user interaction is required, attackers can exploit this flaw remotely and stealthily. Organizations in sectors such as finance, healthcare, government, and critical infrastructure that rely on RustDesk for secure remote access are particularly vulnerable. The inability to trust TLS connections undermines the fundamental security guarantees of encrypted remote desktop sessions, potentially leading to data breaches, operational disruption, and regulatory non-compliance.
Mitigation Recommendations
To mitigate CVE-2026-30794, organizations should immediately avoid using vulnerable RustDesk client versions (up to 1.4.5) and monitor for official patches or updates from RustDesk developers. Until a patch is available, administrators should disable or restrict RustDesk usage in sensitive environments. Network-level mitigations include enforcing strict TLS inspection policies using trusted proxies or firewalls that validate certificates independently. Implementing endpoint security controls to detect anomalous network traffic or man-in-the-middle activities can help identify exploitation attempts. Organizations should also consider using alternative remote desktop solutions with verified secure TLS implementations. For environments where RustDesk is essential, custom builds or configuration changes to disable the dangerous TLS retry behavior (danger_accept_invalid_certs) should be explored by advanced users. Regularly auditing and updating all remote access tools and educating users about the risks of untrusted network connections are critical. Finally, integrating RustDesk usage logs with security information and event management (SIEM) systems can enhance detection and response capabilities.
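The following is an added example, not RustDesk code and not part of this advisory: a small source-audit check that a team maintaining a custom build (as the mitigation above suggests) can run in CI to catch the CWE-295 pattern described here. It scans Rust source text for the reqwest builder calls `danger_accept_invalid_certs(true)` and `danger_accept_invalid_hostnames(true)` (both real `reqwest::ClientBuilder` methods), ignores occurrences inside `//` comments and calls with `false`, and reports each offending line. The embedded sample source is constructed for the example and is not RustDesk's actual http_client.rs; it only mirrors the retry-with-validation-disabled pattern next to a fail-closed builder. Standard library only.

```rust
// Added example (not RustDesk code): a CI lint for the CWE-295 pattern in
// this advisory, a TLS client built with reqwest's
// `danger_accept_invalid_certs(true)` or `danger_accept_invalid_hostnames(true)`.
// It reports every source line that disables certificate or hostname
// validation, skipping lines where the call appears only inside a `//` comment.

#[derive(Debug, PartialEq, Eq, Clone)]
pub struct Finding {
    pub line: usize,        // 1-based line number in the scanned source
    pub call: &'static str, // which dangerous builder method was found
    pub text: String,       // the offending line, trimmed
}

/// Builder methods on `reqwest::ClientBuilder` that turn TLS validation off.
const DANGEROUS_CALLS: [&str; 2] = [
    "danger_accept_invalid_certs",
    "danger_accept_invalid_hostnames",
];

/// Returns true if `line` contains `call(true)` outside a `//` comment.
/// Whitespace inside the parentheses is tolerated (`call( true )`).
/// Limitation: a `//` inside a string literal is also treated as a comment.
fn line_disables_validation(line: &str, call: &str) -> bool {
    let code = match line.find("//") {
        Some(i) => &line[..i],
        None => line,
    };
    let mut rest = code;
    while let Some(pos) = rest.find(call) {
        let after = rest[pos + call.len()..].trim_start();
        if let Some(args) = after.strip_prefix('(') {
            if args.trim_start().starts_with("true") {
                return true;
            }
        }
        rest = &rest[pos + call.len()..];
    }
    false
}

/// Scans `source` and returns one Finding per line that disables
/// certificate or hostname validation.
pub fn audit_tls_validation(source: &str) -> Vec<Finding> {
    let mut findings = Vec::new();
    for (idx, line) in source.lines().enumerate() {
        for &call in DANGEROUS_CALLS.iter() {
            if line_disables_validation(line, call) {
                findings.push(Finding {
                    line: idx + 1,
                    call,
                    text: line.trim().to_string(),
                });
            }
        }
    }
    findings
}

/// Constructed sample, not RustDesk source: a fail-closed builder next to a
/// fallback that retries with validation disabled after a TLS error.
pub const SAMPLE_SOURCE: &str = r#"
fn build_client(strict: bool) -> reqwest::Result<reqwest::Client> {
    // Hardened: keep reqwest's default verification, never downgrade on error.
    if strict {
        return reqwest::Client::builder().build();
    }
    // Vulnerable fallback: a handshake failure leads to a retry that
    // accepts any certificate, so an on-path attacker is accepted too.
    reqwest::Client::builder()
        .danger_accept_invalid_certs( true )
        .danger_accept_invalid_hostnames(true)
        .build()
}
// .danger_accept_invalid_certs(true) in a comment does not count
fn test_only() { let _ = reqwest::Client::builder().danger_accept_invalid_certs(false); }
"#;

fn main() {
    let findings = audit_tls_validation(SAMPLE_SOURCE);
    for f in &findings {
        println!("line {}: {} disables TLS validation: {}", f.line, f.call, f.text);
    }
    // A non-zero exit status lets this act as a CI gate for custom builds.
    if !findings.is_empty() {
        std::process::exit(1);
    }
}
```

Run against the embedded sample it reports lines 10 and 11 (the `true` calls) and exits non-zero, while the `false` call and the commented-out call are ignored. In a real pipeline you would feed it each `.rs` file of the tree instead of `SAMPLE_SOURCE`; a fail-closed client should have no retry path that changes TLS validation settings at all.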
Affected Countries
United States, Germany, China, Japan, South Korea, India, United Kingdom, Canada, Australia, France
Technical Details
- Data Version: 5.2
- Assigner Short Name: VULSec
- Date Reserved: 2026-03-05T14:13:37.203Z
- CVSS Version: 4.0
- State: PUBLISHED
Threat ID: 69a9a2e4460e1c85dfd8771a
Added to database: 3/5/2026, 3:36:04 PM
Last enriched: 3/17/2026, 6:21:49 PM
Last updated: 4/19/2026, 6:51:58 PM