anonhaven
Ad

CVE-2026-30794

CRITICAL CVSS 4.0: 9.1 EPSS 0.02%
Updated Mar 05, 2026
Linux
Parameter Value
CVSS 9.1 (CRITICAL)
Type CWE-295 (Improper Certificate Validation (Неправильная проверка сертификата))
Vendor Linux
Public PoC No

Improper Certificate Validation vulnerability in rustdesk-client RustDesk Client rustdesk-client on Windows, MacOS, Linux, iOS, Android (HTTP API client, TLS transport modules) allows Adversary in the Middle (AiTM). This vulnerability is associated with program files src/hbbs_http/http_client.Rs and program routines TLS retry with danger_accept_invalid_certs(true). This issue affects RustDesk Client: through 1.4.5.

Attack Parameters

Attack Vector
Network
Атака возможна удалённо
Attack Complexity
Low
Легко эксплуатировать
Attack Requirements
Present
Нужны дополнительные условия
Privileges Required
None
Права не нужны
User Interaction
None
Не нужно действие пользователя

Impact Assessment

Confidentiality
High
Полная утечка данных
Integrity
High
Полная модификация данных
Availability
None
Нет нарушения работы

CVSS Vector v4.0

Weakness Type (CWE)

CWE-295 Improper Certificate Validation (Неправильная проверка сертификата)

References 3

https://docs.google.com/document/d/e/2PACX-1vSds6jjpd38oO_yIAyd1HYtKNUuea-I-ozA…
2fdefc65-d750-4b8d-96ee-6e2c0c42dbfe
https://github.com/rustdesk/rustdesk
2fdefc65-d750-4b8d-96ee-6e2c0c42dbfe
https://www.vulsec.org/
2fdefc65-d750-4b8d-96ee-6e2c0c42dbfe
Share Post Share Share Share

Related Vulnerabilities

CVE-2026-28726

Linux

4.3

CVE-2026-28725

Linux

5.5

CVE-2026-28724

Linux

4.3

CVE-2026-28723

Linux

4.3

CVE-2026-28720

Linux

4.3