Monitor vulnerabilities like this one.
Sign up free to get alerted when software you use is affected.
9.3
RustDesk Client: Stolen Session IDs Can Reveal Passwords
CVE-2026-30789
Summary
A vulnerability in the RustDesk Client allows hackers to steal session IDs and use them to gain access to user accounts. This means that if someone intercepts your session ID, they could potentially log in as you. To protect yourself, update to the latest version of the RustDesk Client, which should fix this issue.
Original title
Authentication Bypass by Capture-replay, Use of Password Hash With Insufficient Computational Effort vulnerability in rustdesk-client RustDesk Client rustdesk-client on Windows, MacOS, Linux, iOS, ...
Original description
Authentication Bypass by Capture-replay, Use of Password Hash With Insufficient Computational Effort vulnerability in rustdesk-client RustDesk Client rustdesk-client on Windows, MacOS, Linux, iOS, Android (Client login, peer authentication modules) allows Reusing Session IDs (aka Session Replay). This vulnerability is associated with program files src/client.Rs and program routines hash_password(), login proof construction.
This issue affects RustDesk Client: through 1.4.5.
This issue affects RustDesk Client: through 1.4.5.
nvd CVSS4.0
9.3
Vulnerability type
CWE-294
CWE-916
Published: 5 Mar 2026 · Updated: 13 Mar 2026 · First seen: 6 Mar 2026