RustDesk Client Missing Authorization Vulnerability Allowing Application API Message Manipulation

Vulnerability

A missing authorization vulnerability has been identified in the RustDesk Client across multiple platforms, including Windows, macOS, Linux, iOS, and Android. This vulnerability allows for application API message manipulation through a man-in-the-middle attack. The issue is linked to the Flutter URI scheme handler and the 'importConfig()' routine, affecting RustDesk Client versions through 1.4.5.

Impact

Exploitation of this vulnerability could lead to unauthorized manipulation of application API messages, potentially allowing an attacker to interfere with the normal operation of the RustDesk Client.

Added: Mar 5, 2026, 4:23 PM
Updated: Mar 5, 2026, 4:23 PM

Vulnerability Rating

Custom Algorithm

spread: 5.2
impact: 0.6
exploitability: 6.4
remediation: 0.0
relevance: 3.5
threat: 0.0
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.