CVE-2026-30796 is a vulnerability classified under CWE-319 (Cleartext Transmission of Sensitive Information) affecting RustDesk Server Pro, a remote desktop server software used on Windows, MacOS, and Linux platforms. The flaw resides in the address book synchronization API modules, specifically within the Heartbeat API handler, which processes a preset address book password transmitted in plaintext over the network. Because this sensitive credential is not encrypted or protected during transmission, an attacker with network access can perform sniffing attacks to intercept the password. This vulnerability does not require any authentication or user interaction, making it trivially exploitable in environments where network traffic can be monitored or intercepted. The affected versions include all RustDesk Server Pro releases up to 1.7.5. The vulnerability's CVSS 4.0 vector (AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N) indicates network attack vector, low complexity, no privileges or user interaction required, and high confidentiality impact. Although no public exploits have been reported yet, the exposure of plaintext passwords can lead to unauthorized access to address book data and potentially broader compromise of remote desktop sessions. The root cause is the lack of encryption or secure transmission protocols for sensitive API parameters, which is a critical security oversight in remote access infrastructure.

The primary impact of CVE-2026-30796 is the compromise of confidentiality due to interception of plaintext passwords used in the address book synchronization process. Attackers who successfully sniff this data can gain unauthorized access to address book information, potentially exposing contact details and remote access credentials. This can lead to lateral movement within networks, unauthorized remote desktop sessions, and further compromise of organizational assets. Since RustDesk Server Pro is used globally for remote desktop management, organizations relying on it for secure remote access are at risk of data breaches and operational disruption. The vulnerability affects multiple operating systems, increasing the scope of affected environments. The ease of exploitation without authentication or user interaction amplifies the threat, especially in untrusted or poorly segmented networks. While no availability or integrity impacts are directly indicated, the confidentiality breach alone can have severe consequences for privacy, compliance, and security posture.

To mitigate CVE-2026-30796, organizations should immediately upgrade RustDesk Server Pro to a patched version once released by the vendor that addresses the cleartext transmission issue. Until patches are available, network administrators should enforce encryption at the network layer, such as deploying VPNs or TLS tunnels to protect API traffic. Implementing strict network segmentation and monitoring for unusual traffic patterns can reduce exposure to sniffing attacks. Disabling or restricting the address book sync API modules where feasible can limit attack surface. Additionally, organizations should audit and rotate any potentially exposed credentials and enforce strong password policies. Employing intrusion detection systems capable of identifying plaintext credential transmission may help detect exploitation attempts. Finally, vendors should be engaged to prioritize secure coding practices, including encrypting all sensitive data in transit and performing thorough security testing of remote access components.