CVE-2026-30794
HIGH 8.1Improper Certificate Validation vulnerability in rustdesk-client RustDesk Client rustdesk-client on Windows, MacOS, Linux, iOS, Android (HTTP API client, TLS transport modules) allows Adversary in the Middle (AiTM). This vulnerability is associated with program files src/hbbs_http/http_client.Rs and program routines TLS retry with danger_accept_invalid_certs(true).
This issue affects RustDesk Client: through 1.4.5.
Affected Applications in Environment
19
Rustdesk
v1.2.3+39
1 device
Rustdesk
v1.4.5
6 devices
Rustdesk
v1.4.0+58
2 devices
Rustdesk
v1.3.9 (57)
1 device
Rustdesk
v1.4.4 (62)
1 device
Rustdesk
v1.4.2+60
1 device
Rustdesk
v1.4.3
1 device
Rustdesk
v1.4.5+63
11 devices
Rustdesk
v1.4.1
7 devices
Rustdesk
v1.2.3
1 device
Rustdesk
v1.4.1+59
7 devices
Rustdesk
v1.4.4+62
1 device
Rustdesk
v1.4.2 (60)
1 device
Rustdesk
v1.4.0.29119187
2 devices
Rustdesk
v1.3.1.28780709
1 device
Rustdesk
v1.3.1+47
1 device
Rustdesk
v1.4.2
1 device
Rustdesk
v1.4.4.29392109
1 device
Rustdesk
v1.4.3+60
1 device
Affected Devices
24
DESKTOP-5KVOR71
Windows
DESKTOP-AASJHC2
Windows
DESKTOP-EILTT2N
Windows
DESKTOP-UUT4C45
Windows
DPCPD-BK7WZF2
Windows
DPEMAE-7242KKC
Windows
DPENGR-L1283ZDM
Windows
DPHSNG-LEDBYOEM
Windows
DPINFT-02609239
Windows
DPINFT-6P663188
Windows
DPINFT-810B00F
Windows
DPINFT-PF1TA1PH
Windows
HDTS171858
Windows
HTTS171501
Windows
LGN-HH-220
Windows
LGN-LIB-302
Windows
LGN-LIB-411
Windows
LOGAN-VSB-219
Windows
NCH-194817
Windows
SETHVM
Windows
SILK
Windows
a00014956-R7HQ9T146L
Mac
a00344774-D64VY7FMP7
Mac
a00523751-JYGQVF06HR
Mac