Monitor vulnerabilities like this one.
Sign up free to get alerted when software you use is affected.
5.5
RustDesk Client for Windows Leaks Sensitive Information on Upload
CVE-2026-2490
Summary
The RustDesk Client for Windows may leak sensitive information if an attacker can run low-privileged code on the system. This can happen when a user uploads a special type of file link. To fix this, update to the latest version of the RustDesk Client for Windows.
Original title
RustDesk Client for Windows Transfer File Link Following Information Disclosure Vulnerability. This vulnerability allows local attackers to disclose sensitive information on affected installations ...
Original description
RustDesk Client for Windows Transfer File Link Following Information Disclosure Vulnerability. This vulnerability allows local attackers to disclose sensitive information on affected installations of RustDesk Client for Windows. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.
The specific flaw exists within the Transfer File feature. By uploading a symbolic link, an attacker can abuse the service to read arbitrary files. An attacker can leverage this vulnerability to disclose information in the context of SYSTEM. Was ZDI-CAN-27909.
The specific flaw exists within the Transfer File feature. By uploading a symbolic link, an attacker can abuse the service to read arbitrary files. An attacker can leverage this vulnerability to disclose information in the context of SYSTEM. Was ZDI-CAN-27909.
nvd CVSS3.0
5.5
Vulnerability type
CWE-59
Link Following
Published: 20 Feb 2026 · Updated: 12 Mar 2026 · First seen: 6 Mar 2026