What is the CVSS score of CVE-2026-30798?

CVE-2026-30798 has a CVSS 3.1 base score of 7.5 (High). CVSS vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H. EPSS exploitation probability: 0.0%.

Which versions of Windows are affected by CVE-2026-30798?

RustDesk Client contains a vulnerability allowing attackers to manipulate protocol communications across all platforms (Windows, macOS, Linux, iOS, Android), potentially enabling unauthorized remote…

Is there a public PoC exploit available for CVE-2026-30798?

Yes, a public proof-of-concept exploit is available for CVE-2026-30798. Prioritise patching immediately. EPSS: 0.0%.

How to fix or mitigate CVE-2026-30798?

Within 24 hours: Identify all RustDesk Client deployments across the organization and assess business-critical usage. Within 7 days: Implement network segmentation to isolate RustDesk traffic, enable enhanced logging/monitoring on RustDesk connections, and restrict RustDesk usage to essential personnel only. Within 30 days: Evaluate alternative remote access solutions, coordinate with RustDesk for patch availability, and develop a migration plan if patches remain unavailable.

Windows CVE-2026-30798

HIGH

Insufficient Verification of Data Authenticity (CWE-345)

2026-03-05 2fdefc65-d750-4b8d-96ee-6e2c0c42dbfe

Linux Windows macOS Android Rustdesk

7.5

CVSS 3.1 · NVD

Severity by source

NVD PRIMARY

7.5 HIGH

AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

None

Integrity

None

Availability

High

Lifecycle Timeline

Analysis Generated

Mar 12, 2026 - 22:06 vuln.today

PoC Detected

Mar 10, 2026 - 20:25 vuln.today

Public exploit code

CVE Published

Mar 05, 2026 - 16:16 nvd

HIGH 7.5

DescriptionCVE.org

Insufficient Verification of Data Authenticity, Improper Handling of Exceptional Conditions vulnerability in rustdesk-client RustDesk Client rustdesk-client on Windows, MacOS, Linux, iOS, Android (Heartbeat sync loop, strategy processing modules) allows Protocol Manipulation. This vulnerability is associated with program files src/hbbs_http/sync.Rs and program routines stop-service handler in heartbeat loop.

This issue affects RustDesk Client: through 1.4.5.

AnalysisAI

RustDesk Client through version 1.4.5 fails to properly verify data authenticity in its heartbeat synchronization loop, allowing remote attackers to manipulate the protocol and cause denial of service without authentication. Public exploit code exists for this vulnerability, and no patch is currently available. …

Unlock full vulnerability intelligence

Risk assessment & exploitation conditions
Attack chain visualization
Remediation with exact patch versions
Threat intelligence from 22 sources
Personal watchlist & email alerts

Continue with Google Continue with GitHub

Free forever · No credit card required

Attack ChainAIDerived

Hypothetical attack flow derived from CVE metadata

Access

Send crafted heartbeat protocol message

Exploit

Bypass data authenticity verification

Execution

Trigger exception in sync handler

Impact

Cause denial of service via heartbeat loop crash

Access

Send crafted heartbeat protocol message

Exploit

Bypass data authenticity verification

Execution

Trigger exception in sync handler

Impact

Cause denial of service via heartbeat loop crash

Vulnerability AssessmentAI

Exploitation	RustDesk Client version 1.4.5 or earlier with heartbeat sync module enabled. … Additional conditions and limiting factors are described in the full assessment.
Risk Assessment	CVSS 7.5 (HIGH). … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario	An attacker could exploit this vulnerability to compromise the affected system.
Remediation	Monitor vendor advisories for a patch. … Detailed patch versions, workarounds, and compensating controls in full report.

Recommended ActionAI

Within 24 hours: Identify all RustDesk Client deployments across the organization and assess business-critical usage. …

Threat intelligence, references, and detailed analysis are available after sign-in.

More from same product – last 7 days

CVE-2026-12440 CRITICAL Act Now

9.6 Jun 17

Use after free in DigitalCredentials in Google Chrome on Windows prior to 149.0.7827.155 allowed a remote attacker to po

CVE-2026-12437 HIGH This Week

8.3 Jun 17

Use after free in WebShare in Google Chrome on Windows prior to 149.0.7827.155 allowed a remote attacker who had comprom

CVE-2026-12449 HIGH This Week

7.8 Jun 17

Use after free in Chromoting in Google Chrome on Windows prior to 149.0.7827.155 allowed a local attacker to perform OS-

CVE-2026-12461 MEDIUM This Month

6.5 Jun 17

Out of bounds read in WebRTC in Google Chrome on Windows prior to 149.0.7827.155 allowed a remote attacker to obtain pot

CVE-2026-12444 MEDIUM This Month

5.5 Jun 17

Out of bounds read in Chromoting in Google Chrome on Windows prior to 149.0.7827.155 allowed a local attacker to obtain

CVE-2026-30798 vulnerability details – vuln.today

Back

Windows CVE-2026-30798

Severity by source

CVSS VectorNVD

Lifecycle Timeline

DescriptionCVE.org

AnalysisAI

Unlock full vulnerability intelligence

Attack ChainAIDerived

Vulnerability AssessmentAI

Recommended ActionAI

More from same product – last 7 days

Share

External POC / Exploit Code