RustDesk Client Cross-Site Request Forgery Vulnerability Allowing Privilege Escalation

Vulnerability

A Cross-Site Request Forgery (CSRF) vulnerability has been identified in the RustDesk Client across multiple platforms, including Windows, MacOS, Linux, iOS, and Android. This vulnerability allows for privilege escalation and is associated with the Flutter URI scheme handler and FFI bridge modules. The issue affects RustDesk Client versions through 1.4.5.

Impact

Exploitation of this vulnerability could lead to unauthorized privilege escalation within the RustDesk application.

Added: Mar 5, 2026, 4:25 PM

Updated: Mar 5, 2026, 4:25 PM

Vulnerability Rating

Custom Algorithm

spread

5.2

impact

7.5

exploitability

7.0

remediation

0.0

relevance

3.8

threat

3.2

urgency

2.9

incentive

0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

5.2

impact

7.5

exploitability

7.0

remediation

0.0

relevance

3.8

threat

3.2

urgency

2.9

incentive

0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

RustDesk Client Cross-Site Request Forgery Vulnerability Allowing Privilege Escalation

Vulnerability

Impact

Affected Products

RustDesk Client

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating