Monitor vulnerabilities like this one.
Sign up free to get alerted when software you use is affected.
8.7
RustDesk Server Pro Exposes Address Book Passwords in Plain Text
CVE-2026-30796
Summary
RustDesk Server Pro versions up to 1.7.5 transmit address book passwords without encryption, making them vulnerable to interception. If an attacker can access this traffic, they can steal sensitive information. Update to the latest version of RustDesk Server Pro to fix this issue.
Original title
Cleartext Transmission of Sensitive Information vulnerability in rustdesk-server-pro RustDesk Server Pro rustdesk-server-pro on Windows, MacOS, Linux (Address book sync API modules) allows Sniffing...
Original description
Cleartext Transmission of Sensitive Information vulnerability in rustdesk-server-pro RustDesk Server Pro rustdesk-server-pro on Windows, MacOS, Linux (Address book sync API modules) allows Sniffing Attacks. This vulnerability is associated with program files Closed source — API endpoint handling heartbeat sync and program routines Heartbeat API handler (accepts preset-address-book-password in plaintext).
This issue affects RustDesk Server Pro: through 1.7.5.
This issue affects RustDesk Server Pro: through 1.7.5.
nvd CVSS4.0
8.7
Vulnerability type
CWE-319
Cleartext Transmission of Sensitive Information
Published: 5 Mar 2026 · Updated: 13 Mar 2026 · First seen: 6 Mar 2026