PT-2026-23461 · Unknown · Rustdesk Server Pro

Erez Kalman · Published 2026-03-05 · Updated 2026-03-05 · CVE-2026-30796

CVSS v4.0: 8.7 (High)

Vector: AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

Name of the Vulnerable Software and Affected Versions

RustDesk Server Pro versions through 1.7.5

Description

A security issue exists in RustDesk Server Pro related to the transmission of sensitive information in cleartext. The vulnerability is present in the address book sync API modules and allows for potential sniffing attacks. Specifically, the Heartbeat API handler (heartbeatApiHandler()) accepts the preset-address-book-password parameter in plaintext, exposing it during transmission. This affects the heartbeat sync functionality.

Recommendations

Versions prior to 1.7.6 should be updated.

Exploit

Fix

Weakness Enumeration: Cleartext Transmission of Sensitive Information

Related Identifiers: CVE-2026-30796

Affected Products: Rustdesk Server Pro