CVE-2026-30789 | THREATINT

Description

Authentication Bypass by Capture-replay, Use of Password Hash With Insufficient Computational Effort vulnerability in rustdesk-client RustDesk Client rustdesk-client on Windows, MacOS, Linux, iOS, Android (Client login, peer authentication modules) allows Reusing Session IDs (aka Session Replay). This vulnerability is associated with program files src/client.Rs and program routines hash_password(), login proof construction. This issue affects RustDesk Client: through 1.4.5.

PUBLISHED Reserved 2026-03-05 | Published 2026-03-05 | Updated 2026-03-05 | Assigner VULSec

CRITICAL: 9.3CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N

Problem types

CWE-294 Authentication Bypass by Capture-replay

CWE-916 Use of Password Hash With Insufficient Computational Effort

Product status

Default status

affected

Any version

affected

Credits

Erez Kalman finder

Erez Kalman reporter

References

rustdesk.com/docs/en/client/ technical-description

cve.org (CVE-2026-30789)

nvd.nist.gov (CVE-2026-30789)

Download JSON