anonhaven
Ad

CVE-2026-30789

CRITICAL CVSS 4.0: 9.3 EPSS 0.06%
Updated Mar 05, 2026
Linux
Parameter Value
CVSS 9.3 (CRITICAL)
Type CWE-294 (Authentication Bypass by Capture-Replay (Обход через перехват)), CWE-916
Vendor Linux
Public PoC No

Authentication Bypass by Capture-replay, Use of Password Hash With Insufficient Computational Effort vulnerability in rustdesk-client RustDesk Client rustdesk-client on Windows, MacOS, Linux, iOS, Android (Client login, peer authentication modules) allows Reusing Session IDs (aka Session Replay). This vulnerability is associated with program files src/client.Rs and program routines hash_password(), login proof construction. This issue affects RustDesk Client: through 1.4.5.

Attack Parameters

Attack Vector
Network
Атака возможна удалённо
Attack Complexity
Low
Легко эксплуатировать
Attack Requirements
None
Нет дополнительных условий
Privileges Required
None
Права не нужны
User Interaction
None
Не нужно действие пользователя

Impact Assessment

Confidentiality
High
Полная утечка данных
Integrity
High
Полная модификация данных
Availability
None
Нет нарушения работы

CVSS Vector v4.0

Weakness Type (CWE)

CWE-294 Authentication Bypass by Capture-Replay (Обход через перехват)
CWE-916

References 3

https://docs.google.com/document/d/e/2PACX-1vSds6jjpd38oO_yIAyd1HYtKNUuea-I-ozA…
2fdefc65-d750-4b8d-96ee-6e2c0c42dbfe
https://rustdesk.com/docs/en/client/
2fdefc65-d750-4b8d-96ee-6e2c0c42dbfe
https://www.vulsec.org/
2fdefc65-d750-4b8d-96ee-6e2c0c42dbfe
Share Post Share Share Share

Related Vulnerabilities

CVE-2026-28726

Linux

4.3

CVE-2026-28725

Linux

5.5

CVE-2026-28724

Linux

4.3

CVE-2026-28723

Linux

4.3

CVE-2026-28720

Linux

4.3