CVE-2026-30797 is a critical security vulnerability identified in the RustDesk Client, a remote desktop software available on multiple platforms including Windows, MacOS, Linux, iOS, and Android. The flaw is categorized under CWE-862 (Missing Authorization) and CWE-749 (Exposed Dangerous Method or Function). It specifically affects the Flutter URI scheme handler and configuration import modules, notably the importConfig() function within the flutter/lib/common.Dart file. The vulnerability allows an attacker positioned as a man-in-the-middle (MitM) to intercept and manipulate API messages exchanged by the RustDesk Client application. Due to missing authorization checks, the attacker can craft malicious URI requests that the client processes without verifying the legitimacy or permissions of the source. This can lead to unauthorized configuration changes or injection of malicious settings, potentially compromising the confidentiality and integrity of the remote desktop sessions. The vulnerability requires no prior authentication or privileges but does require user interaction, such as clicking a malicious URI link. The CVSS 4.0 base score of 9.3 indicates a critical severity with network attack vector, low attack complexity, no privileges required, user interaction needed, and high impact on confidentiality and integrity. Although no known exploits are currently reported in the wild, the broad platform support and the nature of the vulnerability make it a significant risk for users of RustDesk Client up to version 1.4.5. The absence of available patches at the time of disclosure necessitates immediate attention to mitigation strategies to prevent exploitation.

The impact of CVE-2026-30797 on organizations worldwide can be severe. RustDesk Client is used for remote desktop access and support, often in enterprise environments. Exploitation could allow attackers to manipulate configuration settings or inject malicious commands, potentially leading to unauthorized access, data leakage, or disruption of remote sessions. Confidentiality is at high risk as attackers can intercept and alter sensitive session data. Integrity is compromised because unauthorized configuration changes can alter the behavior of the client or the remote connection. Availability impact is lower but possible if malicious configurations disrupt service. Since the vulnerability requires no authentication and can be exploited remotely via MitM attacks, attackers can target users on insecure networks or those tricked into clicking malicious URIs. This threat is especially critical for organizations relying on RustDesk for secure remote access, including IT support teams, managed service providers, and remote workers. Without timely mitigation, attackers could leverage this vulnerability to gain footholds in corporate networks or exfiltrate sensitive information.

To mitigate CVE-2026-30797, organizations should take the following specific actions: 1) Monitor RustDesk Client vendor announcements closely and apply security patches immediately once released. 2) Until patches are available, restrict RustDesk Client usage to trusted networks with strong encryption and avoid use over public or untrusted Wi-Fi to reduce MitM attack risk. 3) Employ network-level protections such as TLS interception detection, DNS filtering, and network segmentation to limit exposure. 4) Educate users to avoid clicking on untrusted or unsolicited URI links that could trigger the vulnerable importConfig() functionality. 5) Implement endpoint detection and response (EDR) solutions to monitor for suspicious RustDesk client behavior or unauthorized configuration changes. 6) Consider using alternative remote desktop solutions with verified secure authorization mechanisms if immediate patching is not feasible. 7) Conduct regular audits of remote access configurations and logs to detect anomalies potentially related to exploitation attempts. These targeted measures go beyond generic advice by focusing on mitigating the specific attack vector (Flutter URI scheme handler) and the man-in-the-middle exploitation method.