PT-2026-23459 · Rustdesk · Rustdesk Client
Erez Kalman · Published 2026-03-05 · Updated 2026-03-05 · CVE-2026-30794
CVSS v4.0: 9.1 Critical
Vector: AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Name of the Vulnerable Software and Affected Versions
RustDesk Client versions through 1.4.5
Description
An improper certificate validation issue exists in the RustDesk Client, potentially allowing an Adversary-in-the-Middle (AiTM) attack. The issue is related to the handling of TLS retries and the use of danger_accept_invalid_certs(true) within the http_client.rs file. This affects the HTTP API client and TLS transport modules on Windows, macOS, Linux, iOS, and Android.
Recommendations
Update RustDesk Client to a version later than 1.4.5.
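An audit for the pattern the description names, added here as an example and not taken from RustDesk or from this advisory: a std-only Rust function that reports reqwest builder calls to danger_accept_invalid_certs whose argument is not the literal false. It goes beyond the advisory by also checking danger_accept_invalid_hostnames, and the scanned SAMPLE text is constructed.

```rust
// Added example, std only. SAMPLE is constructed and is not RustDesk source.
const METHODS: [&str; 2] = ["danger_accept_invalid_certs", "danger_accept_invalid_hostnames"];

#[derive(Debug)]
pub struct Finding {
    pub line: usize, // 1-based line number
    pub method: &'static str,
    pub arg: String, // argument exactly as written
}

/// Report each call whose argument is not the literal `false`. A variable is
/// reported too, because a retry path may set it to true at run time.
pub fn audit(src: &str) -> Vec<Finding> {
    let mut out = Vec::new();
    for (i, raw) in src.lines().enumerate() {
        // Drop `//` comments so commented-out code is not reported
        // (simplification: a `//` inside a string literal also cuts the line).
        let code = raw.split("//").next().unwrap_or("");
        for &method in METHODS.iter() {
            let mut rest = code;
            while let Some(pos) = rest.find(method) {
                rest = &rest[pos + method.len()..];
                if let Some(inner) = rest.trim_start().strip_prefix('(') {
                    if let Some(end) = inner.find(')') {
                        let arg = inner[..end].trim().to_string();
                        if arg != "false" {
                            out.push(Finding { line: i + 1, method, arg });
                        }
                    }
                }
            }
        }
    }
    out
}

pub const SAMPLE: &str = r#"
fn strict() { reqwest::Client::builder().danger_accept_invalid_certs(false); }
fn retry_after_tls_error() {
    // old: .danger_accept_invalid_certs(true)
    reqwest::Client::builder().danger_accept_invalid_certs(true);
}
fn configurable(skip: bool) { reqwest::Client::builder().danger_accept_invalid_hostnames( skip ); }
"#;

fn main() {
    for f in audit(SAMPLE) {
        println!("line {}: {}({})", f.line, f.method, f.arg);
    }
}
```

A finding with a variable argument needs a manual look at every caller, since the value decides at run time whether validation is skipped.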
Weakness Enumeration
Improper Certificate Validation
Related Identifiers
Affected Products
Rustdesk Client