Platform: rust
Component: rustdesk
Fixed in: 1.4.6
CVE-2026-30794 describes an Improper Certificate Validation vulnerability within the RustDesk Client, affecting versions from 0.0 up to and including 1.4.5. This flaw allows an Adversary-in-the-Middle (AiTM) to intercept and potentially manipulate communications between the client and the server. The vulnerability stems from insecure TLS retry handling, specifically the danger_accept_invalid_certs(true) setting. A patched version of RustDesk Client is required to resolve this issue.
The Improper Certificate Validation vulnerability in RustDesk Client creates a significant risk of man-in-the-middle (MitM) attacks. An attacker positioned between the client and the server can intercept and decrypt sensitive data, including session tokens, remote control commands, and potentially shared files. This could lead to unauthorized access to systems, data theft, and complete compromise of user accounts. The broad platform support (Windows, macOS, Linux, iOS, Android) expands the potential attack surface considerably, impacting a wide range of users. The vulnerability's reliance on TLS retry mechanisms suggests attackers could exploit this by manipulating the TLS handshake process to present a fraudulent certificate.
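One way to audit a Rust code base (for example a custom or forked client build) for the setting named above, as an added example that is not RustDesk's code: it reports every `danger_accept_invalid_certs(...)` call whose argument is `true` or a runtime expression such as a retry flag. The sample source and the names `Builder` and `retry_insecure` are constructed for illustration.

```rust
// Added example: flag TLS builder calls that switch certificate validation off.
// Line-based: multi-line calls and `//` inside string literals are not handled.
#[derive(Debug, PartialEq)]
pub enum Finding {
    AlwaysDisabled,                // argument is the literal `true`
    ConditionallyDisabled(String), // argument is an expression, e.g. a retry flag
}
const CALL: &str = "danger_accept_invalid_certs";

// Constructed sample input; `Builder` and `retry_insecure` are hypothetical names.
pub const SAMPLE: &str = r#"
fn client(retry_insecure: bool) -> Builder {
    // .danger_accept_invalid_certs(true)  commented out, must be ignored
    let strict = Builder::new().danger_accept_invalid_certs(false);
    let lax = Builder::new().danger_accept_invalid_certs(true);
    Builder::new().danger_accept_invalid_certs(retry_insecure)
}
"#;

/// Text of the argument list, given the source just after its opening `(`.
fn arg_of(s: &str) -> Option<&str> {
    let mut depth = 1;
    for (i, c) in s.char_indices() {
        if c == '(' { depth += 1 } else if c == ')' { depth -= 1 }
        if depth == 0 { return Some(s[..i].trim()); }
    }
    None
}

/// Returns (1-based line number, finding) for every risky call in `src`.
pub fn audit(src: &str) -> Vec<(usize, Finding)> {
    let mut out = Vec::new();
    for (idx, raw) in src.lines().enumerate() {
        let mut rest = raw.split("//").next().unwrap_or(""); // drop line comments
        while let Some(pos) = rest.find(CALL) {
            rest = rest[pos + CALL.len()..].trim_start();
            match rest.strip_prefix('(').and_then(arg_of) {
                Some("true") => out.push((idx + 1, Finding::AlwaysDisabled)),
                Some("false") | None => {}
                Some(expr) => out.push((idx + 1, Finding::ConditionallyDisabled(expr.into()))),
            }
        }
    }
    out
}

fn main() {
    for (line, f) in audit(SAMPLE) { println!("line {line}: {f:?}"); }
}
```

A `ConditionallyDisabled` finding is the one to trace by hand: it marks a code path where a failed handshake or a retry flag can switch validation off at runtime.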
CVE-2026-30794 was publicly disclosed on 2026-03-05. There is currently no indication of active exploitation or a KEV listing. Public proof-of-concept (PoC) code is not yet available, but the nature of the vulnerability suggests it could be relatively easy to exploit once a PoC is developed. The vulnerability's impact is significant due to the potential for remote code execution and data theft.
Users of RustDesk Client who rely on the application for remote access and control are at risk. This includes individuals using RustDesk for personal use, as well as organizations deploying RustDesk for remote support or management. Specifically, users on networks with weak security controls or those connecting to untrusted Wi-Fi networks are particularly vulnerable.
• linux / server:
ps aux | grep rustdesk
• windows / supply-chain:
Get-Process -Name rustdesk
• generic web:
curl -I https://your-rustdesk-server.com | grep -i tls
Exploit status
EPSS
0.03% (8th percentile)
CISA SSVC
The primary mitigation for CVE-2026-30794 is to upgrade to a patched version of RustDesk Client. The vendor has not yet released a fixed version, so users should monitor the official RustDesk channels for updates. As a temporary workaround, consider implementing network-level controls to restrict access to RustDesk servers to trusted networks. Additionally, enforce strict certificate pinning policies where possible, although this may not be feasible for all deployments. Review RustDesk configuration to ensure TLS validation is enabled and configured with appropriate security settings. After upgrading, confirm proper certificate validation by attempting a connection and verifying the certificate presented by the server is valid and trusted.
Update RustDesk Client to a version later than 1.4.5. This will fix the improper TLS certificate validation vulnerability.
CVE-2026-30794 is an Improper Certificate Validation vulnerability in RustDesk Client versions 0.0 through 1.4.5, allowing an attacker to intercept communications.
If you are using RustDesk Client versions 0.0 to 1.4.5 on Windows, macOS, Linux, iOS, or Android, you are potentially affected by this vulnerability.
Upgrade to a patched version of RustDesk Client as soon as it becomes available. Monitor the official RustDesk channels for updates.
There is currently no indication of active exploitation, but the vulnerability's nature suggests it could be exploited once a proof-of-concept is developed.
Please refer to the official RustDesk website and security advisories for the latest information and updates regarding CVE-2026-30794.