CVE-2026-30797

Name of the Vulnerable Software and Affected Versions RustDesk Client versions through 1.4.5

Description A missing authorization issue exists in the RustDesk Client on Windows, MacOS, Linux, iOS, and Android. The issue allows manipulation of Application API Messages via a Man-in-the-Middle attack. The vulnerability is related to the flutter/lib/common.Dart program file and the importConfig() routine through a URI handler. The vulnerability allows an attacker to silently re-home the client to a server they control.

Recommendations Update RustDesk Client to a version later than 1.4.5.