Skip to main content

Breaking cybersecurity news

Vulnerability database

EU vulnerability data

Hands-on web security training

Security incidents database

Knowledge library

Analytics & trends

Follow us

Professional cybersecurity intelligence

Breaking cybersecurity news

Vulnerability database

EU vulnerability data

Hands-on web security training

Security incidents database

Knowledge library

Analytics & trends

Follow us

About Sources Sponsored Articles Status Legal Terms

v2.3.3•© 2026

Telegram Bluesky GitHub Contact

Return to CVE list

CVE-2026-30797

CVE-2026-30797

9.3

Critical

Published:5 Mar 2026

Last updated:17 Jun 2026

Source:2fdefc65-d750-4b8d-96ee-6e2c0c42dbfe

Analyzed

Weakness (CWE)

CWE-749CWE-749
CWE-862Missing Authorization

CVSS Vector

v4.0

Attack Vector: Network
Attack Complexity: Low
Attack Requirements: None
Privileges Required: None
User Interaction: Passive
Confidentiality (Vulnerable): High
Integrity (Vulnerable): High
Availability (Vulnerable): None
Confidentiality (Subsequent): High
Integrity (Subsequent): High
Availability (Subsequent): None

View on MITRE Find PoC on GitHub

Description

Missing Authorization vulnerability in rustdesk-client RustDesk Client rustdesk-client on Windows, MacOS, Linux, iOS, Android (Flutter URI scheme handler, config import modules) allows Application API Message Manipulation via Man-in-the-Middle. This vulnerability is associated with program files flutter/lib/common.Dart and program routines importConfig() via URI handler. This issue affects RustDesk Client: through 1.4.5.

References

2fdefc65-d750-4b8d-96ee-6e2c0c42dbfe

https://docs.google.com/document/d/e/2PACX-1vSds6jjpd38oO_yIAyd1HYtKNUuea-I-ozAPpGhYI7QgAU-QGJ7D8a4rOZVj1vmiUXV1EcdRHf9aZAW/pub

2fdefc65-d750-4b8d-96ee-6e2c0c42dbfe

https://rustdesk.com/docs/en/client/

2fdefc65-d750-4b8d-96ee-6e2c0c42dbfe

https://www.vulsec.org/