CVE-2026-30798: RustDesk Client Accepts Unauthenticated stop-service Command via Strategy Payload

Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2026-30798

Vulnerability Information

Have questions about the vulnerability? See if Shenlong's analysis helps!

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title

RustDesk Client Accepts Unauthenticated stop-service Command via Strategy Payload

Source: NVD (National Vulnerability Database)

Vulnerability Description

Insufficient Verification of Data Authenticity, Improper Handling of Exceptional Conditions vulnerability in rustdesk-client RustDesk Client rustdesk-client on Windows, MacOS, Linux, iOS, Android (Heartbeat sync loop, strategy processing modules) allows Protocol Manipulation. This vulnerability is associated with program files src/hbbs_http/sync.Rs and program routines stop-service handler in heartbeat loop. This issue affects RustDesk Client: through 1.4.5.

Source: NVD (National Vulnerability Database)

CVSS Information

N/A

Source: NVD (National Vulnerability Database)

Vulnerability Type

对数据真实性的验证不充分

Source: NVD (National Vulnerability Database)

Vulnerability Title

RustDesk 安全漏洞

Source: CNNVD (China National Vulnerability Database)

Vulnerability Description

RustDesk是RustDesk个人开发者的一款远程访问和远程控制软件，主要由 Rust 编写，可以远程维护计算机和其他设备。 RustDesk 1.4.5及之前版本存在安全漏洞，该漏洞源于数据真实性验证不足和异常条件处理不当，可能导致协议操纵。

Source: CNNVD (China National Vulnerability Database)

CVSS Information

N/A

Source: CNNVD (China National Vulnerability Database)

Vulnerability Type

N/A

Source: CNNVD (China National Vulnerability Database)

Affected Products

Vendor	Product	Affected Versions	CPE	Subscribe
rustdesk-client	RustDesk Client	0 ~ 1.4.5	-

II. Public POCs for CVE-2026-30798

#	POC Description	Source Link	Shenlong Link

AI-Generated POCPremium

No public POC found.

III. Intelligence Information for CVE-2026-30798

Please Login to view more intelligence information

https://docs.google.com/document/d/e/2PACX-1vSds6jjpd38oO_yIAyd1HYtKNUuea-I-ozAPpGhYI7QgAU-QGJ7D8a4rOZVj1vmiUXV1EcdRHf9aZAW/pubthird-party-advisoryexploit
https://rustdesk.com/docs/en/client/technical-descriptionx_--config documentation
https://www.vulsec.org/vdb-entrythird-party-advisory
https://nvd.nist.gov/vuln/detail/CVE-2026-30798

IV. Related Vulnerabilities

Same product: RustDesk Client

Same vendor: rustdesk-client

Same weakness: CWE-345

V. Comments for CVE-2026-30798

No comments yet

Goal Reached Thanks to every supporter — we hit 100%!

I. Basic Information for CVE-2026-30798

Vulnerability Information

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Affected Products

II. Public POCs for CVE-2026-30798

III. Intelligence Information for CVE-2026-30798

IV. Related Vulnerabilities

V. Comments for CVE-2026-30798

Leave a comment