CVE-2026-30793
CRIT 9.8Cross-Site Request Forgery (CSRF) vulnerability in rustdesk-client RustDesk Client rustdesk-client on Windows, MacOS, Linux, iOS, Android (Flutter URI scheme handler, FFI bridge modules) allows Privilege Escalation. This vulnerability is associated with program files flutter/lib/common.Dart, src/flutter_ffi.Rs and program routines URI handler for rustdesk://password/, bind.MainSetPermanentPassword().
This issue affects RustDesk Client: through 1.4.5.
Affected Applications in Environment
19
Rustdesk
v1.2.3+39
1 device
Rustdesk
v1.4.5
6 devices
Rustdesk
v1.4.0+58
2 devices
Rustdesk
v1.3.9 (57)
1 device
Rustdesk
v1.4.4 (62)
1 device
Rustdesk
v1.4.2+60
1 device
Rustdesk
v1.4.3
1 device
Rustdesk
v1.4.5+63
11 devices
Rustdesk
v1.4.1
7 devices
Rustdesk
v1.2.3
1 device
Rustdesk
v1.4.1+59
7 devices
Rustdesk
v1.4.4+62
1 device
Rustdesk
v1.4.2 (60)
1 device
Rustdesk
v1.4.0.29119187
2 devices
Rustdesk
v1.3.1.28780709
1 device
Rustdesk
v1.3.1+47
1 device
Rustdesk
v1.4.2
1 device
Rustdesk
v1.4.4.29392109
1 device
Rustdesk
v1.4.3+60
1 device
Affected Devices
24
DESKTOP-5KVOR71
Windows
DESKTOP-AASJHC2
Windows
DESKTOP-EILTT2N
Windows
DESKTOP-UUT4C45
Windows
DPCPD-BK7WZF2
Windows
DPEMAE-7242KKC
Windows
DPENGR-L1283ZDM
Windows
DPHSNG-LEDBYOEM
Windows
DPINFT-02609239
Windows
DPINFT-6P663188
Windows
DPINFT-810B00F
Windows
DPINFT-PF1TA1PH
Windows
HDTS171858
Windows
HTTS171501
Windows
LGN-HH-220
Windows
LGN-LIB-302
Windows
LGN-LIB-411
Windows
LOGAN-VSB-219
Windows
NCH-194817
Windows
SETHVM
Windows
SILK
Windows
a00014956-R7HQ9T146L
Mac
a00344774-D64VY7FMP7
Mac
a00523751-JYGQVF06HR
Mac