
CVE-2026-30796: CWE-319 Cleartext Transmission of Sensitive Information in rustdesk-server-pro RustDesk Server Pro

Severity: High
Type: Vulnerability
Tags: CVE-2026-30796, cve, cve-2026-30796, cwe-319
Published: Thu Mar 05 2026 (03/05/2026, 15:30:39 UTC)
Source: CVE Database V5
Vendor/Project: rustdesk-server-pro
Product: RustDesk Server Pro

Description

Cleartext Transmission of Sensitive Information vulnerability in rustdesk-server-pro RustDesk Server Pro on Windows, macOS, Linux (Address book sync API modules) allows Sniffing Attacks. This vulnerability is associated with program files "Closed source — API endpoint handling heartbeat sync" and program routines "Heartbeat API handler (accepts preset-address-book-password in plaintext)". This issue affects RustDesk Server Pro: through 1.7.5.

AI-Powered Analysis

Last updated: 03/05/2026, 17:50:41 UTC

Technical Analysis

CVE-2026-30796 is a vulnerability classified under CWE-319 (Cleartext Transmission of Sensitive Information) found in RustDesk Server Pro, a remote desktop server software used on Windows, MacOS, and Linux platforms. The issue resides in the address book synchronization API modules, specifically within the Heartbeat API handler, which accepts a preset address book password transmitted in plaintext. This insecure transmission enables network attackers to perform sniffing attacks, intercepting sensitive credentials without requiring authentication or user interaction. The vulnerability affects all versions of RustDesk Server Pro up to and including 1.7.5. The flaw arises because the API endpoint handling heartbeat sync does not enforce encryption or secure transport mechanisms, exposing sensitive data during network communication. The vulnerability has a CVSS 4.0 base score of 8.7, indicating high severity, with an attack vector of network (AV:N), low attack complexity (AC:L), no privileges or user interaction required (PR:N/UI:N), and a high impact on confidentiality (VC:H). No known public exploits have been reported yet, but the potential for credential interception poses a significant risk to organizations relying on RustDesk Server Pro for remote access and management. The vulnerability's presence across multiple operating systems increases its attack surface and potential impact.

Potential Impact

The primary impact of CVE-2026-30796 is the compromise of confidentiality due to the interception of sensitive information, specifically the preset address book password used in RustDesk Server Pro. An attacker capable of sniffing network traffic can obtain these credentials, potentially enabling unauthorized access to remote desktop sessions or further lateral movement within an organization's network. This can lead to data breaches, unauthorized system control, and exposure of internal resources. Since RustDesk Server Pro is used for remote desktop management, exploitation could undermine trust in remote access infrastructure, disrupt business continuity, and facilitate further attacks such as ransomware or espionage. The vulnerability affects multiple operating systems, broadening the scope of affected environments globally. Organizations without encrypted communication or network segmentation are particularly vulnerable. The lack of authentication or user interaction requirements lowers the barrier for exploitation, increasing the likelihood of successful attacks in untrusted or public network environments.

Mitigation Recommendations

To mitigate CVE-2026-30796, organizations should immediately enforce encrypted communication channels for all RustDesk Server Pro traffic, such as deploying TLS/SSL for the heartbeat sync API endpoints to prevent plaintext transmission of sensitive data. Network administrators should configure firewalls and intrusion detection systems to monitor and restrict unauthorized access to RustDesk Server Pro servers, especially on untrusted networks. Employing VPNs or secure tunnels for remote desktop traffic can further reduce exposure. Organizations should audit their RustDesk Server Pro deployments to identify versions up to 1.7.5 and plan prompt upgrades once patches are released by the vendor. Until patches are available, disabling or restricting the address book sync feature or the heartbeat API handler may reduce risk. Regularly monitoring network traffic for unusual patterns or unauthorized access attempts can help detect exploitation attempts early. Additionally, educating users and administrators about the risks of transmitting sensitive credentials in plaintext and enforcing strong password policies will enhance overall security posture.
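As a concrete form of the traffic monitoring recommended above, the following added example (not part of the advisory and not vendor code) inspects reassembled client-to-server TCP payloads and flags any cleartext HTTP request that carries the `preset-address-book-password` field named in the description. The sample streams, addresses, port, URI path and JSON body layout are constructed assumptions, and each stream is assumed to hold a single request.

```python
import json
import re

FIELD = "preset-address-book-password"  # field name quoted in the advisory
REQUEST_LINE = re.compile(rb"^(GET|POST|PUT|PATCH) (\S+) HTTP/1\.[01]\r\n")

# Constructed sample data: (src, dst, reassembled client-to-server bytes).
# Addresses, port, URI path and the JSON body layout are assumptions.
SAMPLE_STREAMS = [
    ("10.0.0.21:50112", "10.0.0.5:8080",
     b"POST /example/heartbeat HTTP/1.1\r\nHost: rd.example.internal\r\n\r\n"
     b'{"id":"123456789","preset-address-book-password":"CONSTRUCTED-SECRET"}'),
    ("10.0.0.22:50200", "10.0.0.5:443", b"\x16\x03\x01\x02\x00\x01\x00\x01\xfc\x03\x03"),
    ("10.0.0.23:50300", "10.0.0.5:8080",
     b"POST /example/heartbeat HTTP/1.1\r\nHost: rd.example.internal\r\n\r\n"
     b'{"id":"987654321"}'),
]

def find_field(node, path=""):
    """Yield the JSON path of every occurrence of FIELD, at any nesting depth."""
    if isinstance(node, dict):
        for key, value in node.items():
            if key == FIELD:
                yield f"{path}/{key}"
            yield from find_field(value, f"{path}/{key}")
    elif isinstance(node, list):
        for i, item in enumerate(node):
            yield from find_field(item, f"{path}/{i}")

def inspect_stream(src, dst, payload):
    """Return a finding if the stream is cleartext HTTP carrying FIELD, else None."""
    if payload[:2] == b"\x16\x03":  # TLS record header: body is not readable on the wire
        return None
    match = REQUEST_LINE.match(payload)
    if not match:
        return None
    body = payload.partition(b"\r\n\r\n")[2]
    try:
        hits = list(find_field(json.loads(body)))
    except ValueError:  # not JSON: fall back to a raw byte search
        hits = ["<raw body>"] if FIELD.encode() in body else []
    if not hits:
        return None
    # Report where the field was seen, never its value.
    return {"src": src, "dst": dst, "method": match.group(1).decode(),
            "uri": match.group(2).decode(), "field_paths": hits}

def scan(streams):
    return [f for f in (inspect_stream(*s) for s in streams) if f]
```

A finding means the password crossed that network segment unencrypted and should be treated as exposed; the report deliberately omits the value so the detector's own output does not become a second copy of the secret.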


Technical Details

Data Version: 5.2
Assigner Short Name: VULSec
Date Reserved: 2026-03-05T14:13:37.203Z
CVSS Version: 4.0
State: PUBLISHED

Threat ID: 69a9c05f460e1c85df0c5c57

Added to database: 3/5/2026, 5:41:51 PM

Last enriched: 3/5/2026, 5:50:41 PM

Last updated: 3/5/2026, 7:06:03 PM
