Monitor vulnerabilities like this one.
Sign up free to get alerted when software you use is affected.
9.3
RustDesk Client allows attackers to take control of your account on Windows, MacOS, Linux, iOS, and Android
CVE-2026-30793
Summary
Attackers can trick you into performing actions on your RustDesk account without your knowledge or consent. This is a serious issue because it could allow an attacker to gain control of your account. To stay safe, update your RustDesk Client to the latest version.
Original title
Cross-Site Request Forgery (CSRF) vulnerability in rustdesk-client RustDesk Client rustdesk-client on Windows, MacOS, Linux, iOS, Android (Flutter URI scheme handler, FFI bridge modules) allows Pri...
Original description
Cross-Site Request Forgery (CSRF) vulnerability in rustdesk-client RustDesk Client rustdesk-client on Windows, MacOS, Linux, iOS, Android (Flutter URI scheme handler, FFI bridge modules) allows Privilege Escalation. This vulnerability is associated with program files flutter/lib/common.Dart, src/flutter_ffi.Rs and program routines URI handler for rustdesk://password/, bind.MainSetPermanentPassword().
This issue affects RustDesk Client: through 1.4.5.
This issue affects RustDesk Client: through 1.4.5.
nvd CVSS4.0
9.3
Vulnerability type
CWE-285
Improper Authorization
CWE-352
Cross-Site Request Forgery (CSRF)
Published: 5 Mar 2026 · Updated: 13 Mar 2026 · First seen: 6 Mar 2026