Lucene search
K

171 matches found

EUVD
EUVD
added 3 days ago6 views

EUVD-2026-43008

RustDesk before 1.4.9 does not enforce a session's authorized connection scope on the server side, so a peer granted a limited session type FileTransfer, PortForward, ViewCamera, or Terminal can send control messages and login options reserved for a full Remote session. An authenticated remote pe...

8.7CVSS6.1AI score0.00334EPSS
Exploits0References4
CVE
CVE
added 3 days ago11 views

CVE-2026-57850

RustDesk before 1.4.9 fails to enforce a session’s authorized connection scope on the server side. A peer with a limited session type (FileTransfer, PortForward, ViewCamera, or Terminal) can send control messages and login options intended for a full Remote session, enabling actions outside its g...

8.7CVSS6.1AI score0.00334EPSS
Exploits0References4
Cvelist
Cvelist
added 3 days ago32 views

CVE-2026-57850 RustDesk before 1.4.9 Missing Session Scope Enforcement Allows Out-of-Scope Control Message Injection

RustDesk before 1.4.9 does not enforce a session's authorized connection scope on the server side, so a peer granted a limited session type FileTransfer, PortForward, ViewCamera, or Terminal can send control messages and login options reserved for a full Remote session. An authenticated remote pe...

8.7CVSS0.00334EPSS
Exploits0References4
NVD
NVD
added 2026/06/28 2:16 a.m.12 views

CVE-2026-58056

RustDesk gates incoming control messages on per-capability flags rather than on the session's authorized connection type, and a file-transfer session does not clear those flags. A peer holding only a valid FileTransfer authorization can inject keyboard and mouse input and reach the unguarded...

7.6CVSS0.00191EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/06/28 1:32 a.m.33 views

CVE-2026-58056 RustDesk - FileTransfer Session Authorization Scope Bypass

RustDesk gates incoming control messages on per-capability flags rather than on the session's authorized connection type, and a file-transfer session does not clear those flags. A peer holding only a valid FileTransfer authorization can inject keyboard and mouse input and reach the unguarded...

7.6CVSS0.00191EPSS
Exploits0References2
CVE
CVE
added 2026/06/28 1:32 a.m.55 views

CVE-2026-58056

RustDesk is affected by a session-authorization scope bypass in FileTransfer sessions. The root cause is gating incoming control messages on per-capability flags rather than the session’s authorized connection type; a peer with only valid FileTransfer authorization can inject keyboard/mouse input...

7.6CVSS5.8AI score0.00191EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/28 1:32 a.m.10 views

EUVD-2026-39976

RustDesk gates incoming control messages on per-capability flags rather than on the session's authorized connection type, and a file-transfer session does not clear those flags. A peer holding only a valid FileTransfer authorization can inject keyboard and mouse input and reach the unguarded...

7.6CVSS5.8AI score0.00191EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/28 12:0 a.m.14 views

PT-2026-53088

Name of the Vulnerable Software and Affected Versions RustDesk affected versions not specified Description An issue exists where incoming control messages are gated based on per-capability flags instead of the session's authorized connection type. Because a file-transfer session fails to clear...

7.6CVSS5.8AI score0.00191EPSS
Exploits0References5
RedhatCVE
RedhatCVE
added 2026/03/06 7:45 p.m.3 views

CVE-2026-30798

Insufficient Verification of Data Authenticity, Improper Handling of Exceptional Conditions vulnerability in rustdesk-client RustDesk Client rustdesk-client on Windows, MacOS, Linux, iOS, Android Heartbeat sync loop, strategy processing modules allows Protocol Manipulation. This vulnerability is...

8.2CVSS5.8AI score0.00288EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2026/03/06 7:45 p.m.6 views

CVE-2026-30791

Use of a Broken or Risky Cryptographic Algorithm vulnerability in rustdesk-client RustDesk Client rustdesk-client on Windows, MacOS, Linux, iOS, Android, WebClient Config import, URI scheme handler, CLI --config modules allows Retrieve Embedded Sensitive Data. This vulnerability is associated wit...

8.7CVSS5.8AI score0.0024EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2026/03/06 7:45 p.m.8 views

CVE-2026-30797

Missing Authorization vulnerability in rustdesk-client RustDesk Client rustdesk-client on Windows, MacOS, Linux, iOS, Android Flutter URI scheme handler, config import modules allows Application API Message Manipulation via Man-in-the-Middle. This vulnerability is associated with program files...

9.3CVSS5.8AI score0.00455EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2026/03/06 7:45 p.m.6 views

CVE-2026-30790

Improper Restriction of Excessive Authentication Attempts, Use of Password Hash With Insufficient Computational Effort vulnerability in rustdesk-server-pro RustDesk Server Pro rustdesk-server-pro on Windows, MacOS, Linux Peer authentication, API login modules, rustdesk-server RustDesk Server OSS...

9.8CVSS5.8AI score0.00225EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/03/06 7:45 p.m.7 views

CVE-2026-30783

A vulnerability in rustdesk-client RustDesk Client rustdesk-client on Windows, MacOS, Linux, iOS, Android, WebClient Client signaling, API sync loop, config management modules allows Privilege Abuse. This vulnerability is associated with program files src/rendezvousmediator.Rs, src/hbbshttp/sync....

9.8CVSS5.8AI score0.00376EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2026/03/06 7:45 p.m.6 views

CVE-2026-30785

Improperly Controlled Modification of Object Prototype Attributes 'Prototype Pollution', Use of Password Hash With Insufficient Computational Effort vulnerability in rustdesk-client RustDesk Client rustdesk, hbbcommon on Windows, MacOS, Linux Password security module, config encryption, machine U...

8.2CVSS5.8AI score0.00083EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2026/03/06 7:45 p.m.6 views

CVE-2026-30796

Cleartext Transmission of Sensitive Information vulnerability in rustdesk-server-pro RustDesk Server Pro rustdesk-server-pro on Windows, MacOS, Linux Address book sync API modules allows Sniffing Attacks. This vulnerability is associated with program files Closed source — API endpoint handling...

8.7CVSS5.8AI score0.00261EPSS
Exploits2References1
RedhatCVE
RedhatCVE
added 2026/03/06 7:45 p.m.5 views

CVE-2026-30789

Authentication Bypass by Capture-replay, Use of Password Hash With Insufficient Computational Effort vulnerability in rustdesk-client RustDesk Client rustdesk-client on Windows, MacOS, Linux, iOS, Android Client login, peer authentication modules allows Reusing Session IDs aka Session Replay. Thi...

9.8CVSS5.8AI score0.00269EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2026/03/06 7:45 p.m.6 views

CVE-2026-30792

A vulnerability in rustdesk-client RustDesk Client rustdesk-client on Windows, MacOS, Linux, iOS, Android, WebClient Strategy sync, HTTP API client, config options engine modules allows Application API Message Manipulation via Man-in-the-Middle. This vulnerability is associated with program files...

9.1CVSS5.8AI score0.00265EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2026/03/06 7:45 p.m.6 views

CVE-2026-30794

Improper Certificate Validation vulnerability in rustdesk-client RustDesk Client rustdesk-client on Windows, MacOS, Linux, iOS, Android HTTP API client, TLS transport modules allows Adversary in the Middle AiTM. This vulnerability is associated with program files src/hbbshttp/httpclient.Rs and...

9.1CVSS5.8AI score0.00313EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/03/06 7:45 p.m.5 views

CVE-2026-30795

Cleartext Transmission of Sensitive Information vulnerability in rustdesk-client RustDesk Client rustdesk-client on Windows, MacOS, Linux, iOS, Android Heartbeat sync loop modules allows Sniffing Attacks. This vulnerability is associated with program files src/hbbshttp/sync.Rs and program routine...

8.7CVSS5.8AI score0.00271EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2026/03/06 7:45 p.m.7 views

CVE-2026-30784

Missing Authorization, Missing Authentication for Critical Function vulnerability in rustdesk-server RustDesk Server rustdesk-server, rustdesk-server-pro on hbbs/hbbr on all server platforms Rendezvous server hbbs, relay server hbbr modules allows Privilege Abuse. This vulnerability is associated...

9.8CVSS5.8AI score0.00648EPSS
Exploits1References1
Rows per page
Query Builder