PT-2026-23460 · Unknown · Rustdesk Client
Erez Kalman · Published 2026-03-05 · Updated 2026-03-05
CVE-2026-30795
CVSS v4.0: 8.7 (High)
Vector: AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
Name of the Vulnerable Software and Affected Versions
RustDesk Client versions through 1.4.5
Description
A cleartext transmission of sensitive information issue exists in RustDesk Client on Windows, macOS, Linux, iOS, and Android, specifically within the Heartbeat sync loop modules. This allows for potential sniffing attacks. The issue is related to the construction of Heartbeat JSON payloads, including preset address book passwords, within the src/hbbs_http/sync.rs file and the Heartbeat routine.
Recommendations
Update RustDesk Client to a version later than 1.4.5.
Weakness Enumeration
Cleartext Transmission of Sensitive Information
Affected Products
Rustdesk Client