Monitor vulnerabilities like this one.
Sign up free to get alerted when software you use is affected.
8.7
RustDesk Client leaks sensitive info in plain text
CVE-2026-30795
Summary
RustDesk's client software on multiple platforms sends sensitive information like passwords and addresses in plain text when syncing with its servers. This means an attacker with access to the network could intercept and read this sensitive information. Update RustDesk Client to a version newer than 1.4.5 to fix this issue.
Original title
Cleartext Transmission of Sensitive Information vulnerability in rustdesk-client RustDesk Client rustdesk-client on Windows, MacOS, Linux, iOS, Android (Heartbeat sync loop modules) allows Sniffing...
Original description
Cleartext Transmission of Sensitive Information vulnerability in rustdesk-client RustDesk Client rustdesk-client on Windows, MacOS, Linux, iOS, Android (Heartbeat sync loop modules) allows Sniffing Attacks. This vulnerability is associated with program files src/hbbs_http/sync.Rs and program routines Heartbeat JSON payload construction (preset-address-book-password).
This issue affects RustDesk Client: through 1.4.5.
This issue affects RustDesk Client: through 1.4.5.
nvd CVSS4.0
8.7
Vulnerability type
CWE-319
Cleartext Transmission of Sensitive Information
Published: 5 Mar 2026 · Updated: 13 Mar 2026 · First seen: 6 Mar 2026