CVE-2026-30797 is a critical security vulnerability identified in the RustDesk Client, a remote desktop software used across multiple operating systems including Windows, MacOS, Linux, iOS, and Android. The vulnerability stems from missing authorization checks in the Flutter URI scheme handler and configuration import modules, specifically within the importConfig() function located in the flutter/lib/common.Dart file. This flaw allows an attacker positioned as a man-in-the-middle (MitM) to intercept and manipulate application API messages without requiring any prior authentication or privileges. The attack vector involves exploiting the URI handler that processes configuration imports, enabling the attacker to inject or alter configuration data during transmission. The vulnerability is classified under CWE-862 (Missing Authorization) and CWE-749 (Exposed Dangerous Method or Function), indicating a failure to properly restrict access to sensitive functions. The CVSS 4.0 base score of 9.3 reflects the critical nature of this vulnerability, highlighting its network attack vector, low attack complexity, no privileges required, and the need for user interaction. The impact on confidentiality and integrity is high, as manipulated API messages could lead to unauthorized access or control over remote desktop sessions. Although no public exploits have been reported yet, the widespread use of RustDesk in remote work environments makes this a significant risk. The vulnerability affects all RustDesk Client versions through 1.4.5, and no official patches have been linked at the time of publication. The issue underscores the importance of robust authorization checks in client-side URI handlers and configuration import mechanisms to prevent MitM exploitation.

The potential impact of CVE-2026-30797 is severe for organizations relying on RustDesk Client for remote desktop access and collaboration. Successful exploitation could allow attackers to manipulate configuration data and API messages, potentially leading to unauthorized remote access, session hijacking, or injection of malicious configurations. This compromises the confidentiality and integrity of remote sessions, risking exposure of sensitive corporate data and control over critical systems. Given RustDesk’s cross-platform availability, a wide range of devices and environments are vulnerable, increasing the attack surface. The requirement for user interaction (triggering the URI handler) slightly reduces the risk but does not eliminate it, especially in environments where users frequently import configurations or click on links. The lack of required privileges or authentication lowers the barrier for attackers, making it feasible for external threat actors to conduct targeted or opportunistic attacks. The vulnerability could disrupt business continuity, damage organizational reputation, and lead to regulatory compliance issues if sensitive data is exposed. Although no exploits are currently known in the wild, the critical CVSS score and the nature of the vulnerability warrant immediate attention to prevent future exploitation.

To mitigate CVE-2026-30797, organizations should take the following specific actions: 1) Monitor RustDesk Client vendor communications closely and apply security patches immediately once released to address the missing authorization flaw. 2) Until patches are available, restrict network access to RustDesk Client endpoints by implementing strict firewall rules and network segmentation to limit exposure to untrusted networks. 3) Employ TLS interception detection and enforce strict certificate validation to reduce the risk of man-in-the-middle attacks that enable API message manipulation. 4) Educate users to avoid clicking on untrusted or unsolicited URI links that trigger configuration imports, and implement endpoint security controls to monitor and block suspicious URI scheme invocations. 5) Consider deploying endpoint detection and response (EDR) solutions capable of identifying anomalous behavior related to configuration changes or API message manipulation within RustDesk Client processes. 6) Review and harden configuration import workflows to ensure only authorized and validated configurations are accepted. 7) Where feasible, use network-level VPNs or zero-trust access models to secure remote desktop communications beyond the RustDesk client itself. These targeted mitigations go beyond generic advice by focusing on the specific attack vector and the unique aspects of the vulnerability.