Severity by source
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:H/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Network-reachable, low complexity, no UI; PR:L because a valid FileTransfer authorization is required; high integrity from input injection/control, lower confidentiality from screen capture and lower availability.
Primary rating from Vendor (VulnCheck).
CVSS VectorVendor: VulnCheck
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:H/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Lifecycle Timeline
2DescriptionCVE.org
RustDesk gates incoming control messages on per-capability flags rather than on the session's authorized connection type, and a file-transfer session does not clear those flags. A peer holding only a valid FileTransfer authorization can inject keyboard and mouse input and reach the unguarded screenshot and display-capture handlers, acting outside its granted scope.
AnalysisAI
Authorization scope bypass in RustDesk lets a peer holding only a FileTransfer authorization inject keyboard and mouse input and invoke the screenshot and display-capture handlers, escalating a limited file-transfer session into full interactive remote control and screen surveillance. The defect arises because RustDesk gates incoming control messages on per-capability flags that a file-transfer session never clears, rather than on the session's authorized connection type. …
Unlock full vulnerability intelligence
- Risk assessment & exploitation conditions
- Attack chain visualization
- Remediation with exact patch versions
- Threat intelligence from 22 sources
- Personal watchlist & email alerts
Free forever · No credit card required
Attack ChainAIDerived
Hypothetical attack flow derived from CVE metadata
Vulnerability AssessmentAI
| Exploitation | Exploitation requires the attacker to first hold a valid FileTransfer authorization to the target RustDesk peer (PR:L) - an accepted file-transfer session must exist, so this is not a fully unauthenticated attack. … Additional conditions and limiting factors are described in the full assessment. |
| Risk Assessment | The CVSS 4.0 vector (AV:N/AC:L/AT:N/PR:L/UI:N, VC:L/VI:H/VA:L, base 7.2 High) describes a network-reachable, low-complexity attack requiring low privileges and no user interaction, with high integrity impact (input injection and control) and lower confidentiality and availability impact. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in. |
| Exploit Scenario | An attacker obtains a legitimate FileTransfer-only authorization to a RustDesk peer - for example, by posing as a vendor performing a file-only support task. Rather than limiting themselves to file transfer, they send keyboard and mouse control messages and invoke the screenshot/display-capture handlers, gaining interactive control and live screen visibility of the victim host. … |
| Remediation | No vendor-released patch version is identified in the provided data (No vendor-released patch identified at time of analysis), so the primary action is to track the VulnCheck advisory (https://www.vulncheck.com/advisories/rustdesk-filetransfer-session-authorization-scope-bypass) and the upstream RustDesk project for a fixed release and upgrade to the exact patched version as soon as it is published. … Detailed patch versions, workarounds, and compensating controls in full report. |
Recommended ActionAI
Within 24 hours: audit active RustDesk deployments and identify sessions granted file-transfer authorization; categorize by system sensitivity. …
Sign in for detailed remediation steps and compensating controls.
Threat intelligence, references, and detailed analysis are available after sign-in.
A default installation of RustDesk 1.2.3 on Windows places a WDKTestCert certificate under Trusted Root Certification Au
Remote denial-of-service in RustDesk Client through 1.4.5 allows network-positioned attackers to disrupt the remote-acce
Security vulnerability in RustDesk remote desktop client/server. One of 6+ critical CVEs affecting the open-source remot
Configuration tampering in RustDesk Client through 1.4.5 allows a network-positioned attacker to manipulate Application
RustDesk Client through version 1.4.5 uses a broken cryptographic algorithm that allows attackers to retrieve sensitive
RustDesk Server Pro through version 1.7.5 transmits sensitive address book credentials in cleartext over the network hea
Authentication bypass in RustDesk Client through 1.4.5 across Windows, macOS, Linux, iOS, and Android allows remote atta
Privilege escalation in RustDesk Client through version 1.4.5 on Windows, macOS, Linux, iOS, and Android allows unauthen
Same weakness CWE-863 – Incorrect Authorization
View allSame technique Authentication Bypass
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-39976
GHSA-vp3r-hwqm-x826