CVE-2026-30795 is a vulnerability classified under CWE-319, indicating the cleartext transmission of sensitive information. It affects the RustDesk Client, a remote desktop software used across multiple platforms including Windows, MacOS, Linux, iOS, and Android, up to version 1.4.5. The vulnerability resides in the heartbeat synchronization loop module, specifically within the source file src/hbbs_http/sync.Rs and the Heartbeat JSON payload construction routine that handles the preset address book password. During the heartbeat sync process, sensitive data such as passwords are transmitted over the network in cleartext, making them susceptible to interception by attackers performing network sniffing attacks. The CVSS 4.0 vector (AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N) indicates that the attack can be performed remotely over the network without any privileges or user interaction, and the impact on confidentiality is high, while integrity and availability are unaffected. This vulnerability exposes users to credential theft, potentially allowing unauthorized access to remote desktop sessions or other sensitive resources. Although no known exploits have been reported in the wild yet, the high severity score and ease of exploitation make this a critical issue for users of RustDesk Client. The vulnerability affects all major operating systems supported by RustDesk, increasing the scope and risk of exploitation. The root cause is the lack of encryption or secure transmission mechanisms for sensitive heartbeat sync data, violating best practices for secure communications in remote desktop applications.

The primary impact of CVE-2026-30795 is the exposure of sensitive credentials (preset address book passwords) transmitted in cleartext during heartbeat synchronization in RustDesk Client. This can lead to credential theft by attackers capable of intercepting network traffic, such as those on the same local network or positioned on compromised network infrastructure. Once credentials are obtained, attackers may gain unauthorized remote access to affected systems, potentially leading to data breaches, lateral movement within networks, and compromise of sensitive information. The vulnerability affects multiple platforms, increasing the attack surface and risk for organizations using RustDesk for remote access or collaboration. Given RustDesk's use in enterprise and personal environments, the impact spans from individual users to large organizations, potentially disrupting business operations and exposing confidential data. The lack of required authentication or user interaction for exploitation further elevates the risk. Although no active exploits are known, the vulnerability's presence in a widely used remote desktop client makes it a significant threat vector for attackers targeting remote access solutions.

1. Immediately restrict RustDesk Client usage to trusted, secure networks until a patch is available. 2. Employ network-level encryption such as VPN tunnels or TLS proxies to protect heartbeat sync traffic from interception. 3. Monitor network traffic for unencrypted JSON payloads containing sensitive information and alert on suspicious patterns. 4. Educate users and administrators about the risk of using RustDesk Client in untrusted environments and encourage minimizing exposure. 5. Disable or limit the use of the heartbeat sync feature if possible or configure it to avoid transmitting sensitive data in cleartext. 6. Regularly check for updates from RustDesk and apply security patches promptly once released. 7. Implement network segmentation to isolate devices running RustDesk Client from critical infrastructure. 8. Conduct periodic security assessments and penetration testing focusing on remote access tools to detect similar vulnerabilities. 9. Use endpoint detection and response (EDR) solutions to detect anomalous remote access or credential misuse. 10. Consider alternative remote desktop solutions with verified secure communication channels until this issue is resolved.