{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-06-10T21:32:13.522","vulnerabilities":[{"cve":{"id":"CVE-2026-30793","sourceIdentifier":"2fdefc65-d750-4b8d-96ee-6e2c0c42dbfe","published":"2026-03-05T16:16:20.037","lastModified":"2026-03-25T15:34:35.820","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Cross-Site Request Forgery (CSRF) vulnerability in rustdesk-client RustDesk Client rustdesk-client on Windows, MacOS, Linux, iOS, Android (Flutter URI scheme handler, FFI bridge modules) allows Privilege Escalation. This vulnerability is associated with program files flutter/lib/common.Dart, src/flutter_ffi.Rs and program routines URI handler for rustdesk://password/, bind.MainSetPermanentPassword().\n\nThis issue affects RustDesk Client: through 1.4.5."},{"lang":"es","value":"Vulnerabilidad de falsificación de petición en sitios cruzados (CSRF) en rustdesk-client RustDesk Client rustdesk-client en Windows, MacOS, Linux, iOS, Android (gestor de esquema URI de Flutter, módulos de puente FFI) permite la escalada de privilegios. Esta vulnerabilidad está asociada con los archivos de programa flutter/lib/common.Dart, src/flutter_ffi.Rs y las rutinas de programa gestor URI para rustdesk://password/, bind.MainSetPermanentPassword(). Este problema afecta a RustDesk Client: hasta la versión 1.4.5."}],"metrics":{"cvssMetricV40":[{"source":"2fdefc65-d750-4b8d-96ee-6e2c0c42dbfe","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:N/SC:H/SI:H/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":9.3,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"PASSIVE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"HIGH","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"HIGH","subIntegrityImpact":"HIGH","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9}]},"weaknesses":[{"source":"2fdefc65-d750-4b8d-96ee-6e2c0c42dbfe","type":"Secondary","description":[{"lang":"en","value":"CWE-285"},{"lang":"en","value":"CWE-352"}]}],"configurations":[{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:rustdesk:rustdesk:*:*:*:*:webclient:*:*:*","versionEndIncluding":"1.4.5","matchCriteriaId":"14986BCF-B589-41F2-913D-2800283B452B"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:o:apple:iphone_os:-:*:*:*:*:*:*:*","matchCriteriaId":"B5415705-33E5-46D5-8E4D-9EBADC8C5705"},{"vulnerable":false,"criteria":"cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*","matchCriteriaId":"387021A0-AF36-463C-A605-32EA7DAC172E"},{"vulnerable":false,"criteria":"cpe:2.3:o:google:android:-:*:*:*:*:*:*:*","matchCriteriaId":"F8B9FEC8-73B6-43B8-B24E-1F7C20D91D26"},{"vulnerable":false,"criteria":"cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*","matchCriteriaId":"703AF700-7A70-47E2-BC3A-7FD03B3CA9C1"},{"vulnerable":false,"criteria":"cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*","matchCriteriaId":"A2572D17-1DE6-457B-99CC-64AFD54487EA"}]}]}],"references":[{"url":"https://docs.google.com/document/d/e/2PACX-1vSds6jjpd38oO_yIAyd1HYtKNUuea-I-ozAPpGhYI7QgAU-QGJ7D8a4rOZVj1vmiUXV1EcdRHf9aZAW/pub","source":"2fdefc65-d750-4b8d-96ee-6e2c0c42dbfe","tags":["Third Party Advisory","Exploit"]},{"url":"https://github.com/rustdesk/hbb_common","source":"2fdefc65-d750-4b8d-96ee-6e2c0c42dbfe","tags":["Product"]},{"url":"https://github.com/rustdesk/rustdesk","source":"2fdefc65-d750-4b8d-96ee-6e2c0c42dbfe","tags":["Product"]},{"url":"https://www.vulsec.org/","source":"2fdefc65-d750-4b8d-96ee-6e2c0c42dbfe","tags":["Not Applicable"]}]}}]}