CVE-2026-30785
HIGH
CVSS 8.2
No EPSS data
Description
Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution'), Use of Password Hash With Insufficient Computational Effort vulnerability in rustdesk-client RustDesk Client rustdesk, hbb_common on Windows, MacOS, Linux (Password security module, config encryption, machine UID modules) allows Retrieve Embedded Sensitive Data. This vulnerability is associated with program files hbb_common/src/password_security.Rs, hbb_common/src/config.Rs, hbb_common/src/lib.Rs (get_uuid), machine-uid/src/lib.Rs and program routines symmetric_crypt(), encrypt_str_or_original(), decrypt_str_or_original(), get_uuid(), get_machine_id().
This issue affects RustDesk Client: through 1.4.5.
CVSS details
EPSS
This CVE is not currently listed in the EPSS dataset.
Show JSON
{
"cve": {
"id": "CVE-2026-30785",
"cveTags": [],
"metrics": {
"cvssMetricV31": [
{
"type": "Primary",
"source": "nvd@nist.gov",
"cvssData": {
"scope": "UNCHANGED",
"version": "3.1",
"baseScore": 5.5,
"attackVector": "LOCAL",
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"integrityImpact": "NONE",
"userInteraction": "NONE",
"attackComplexity": "LOW",
"availabilityImpact": "NONE",
"privilegesRequired": "LOW",
"confidentialityImpact": "HIGH"
},
"impactScore": 3.6,
"exploitabilityScore": 1.8
}
],
"cvssMetricV40": [
{
"type": "Secondary",
"source": "2fdefc65-d750-4b8d-96ee-6e2c0c42dbfe",
"cvssData": {
"Safety": "NOT_DEFINED",
"version": "4.0",
"Recovery": "NOT_DEFINED",
"baseScore": 8.2,
"Automatable": "NOT_DEFINED",
"attackVector": "LOCAL",
"baseSeverity": "HIGH",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:H/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"exploitMaturity": "NOT_DEFINED",
"providerUrgency": "NOT_DEFINED",
"userInteraction": "NONE",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"privilegesRequired": "LOW",
"subIntegrityImpact": "NONE",
"vulnIntegrityImpact": "NONE",
"integrityRequirement": "NOT_DEFINED",
"modifiedAttackVector": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"vulnAvailabilityImpact": "NONE",
"availabilityRequirement": "NOT_DEFINED",
"modifiedUserInteraction": "NOT_DEFINED",
"modifiedAttackComplexity": "NOT_DEFINED",
"subConfidentialityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"confidentialityRequirement": "NOT_DEFINED",
"modifiedAttackRequirements": "NOT_DEFINED",
"modifiedPrivilegesRequired": "NOT_DEFINED",
"modifiedSubIntegrityImpact": "NOT_DEFINED",
"modifiedVulnIntegrityImpact": "NOT_DEFINED",
"vulnerabilityResponseEffort": "NOT_DEFINED",
"modifiedSubAvailabilityImpact": "NOT_DEFINED",
"modifiedVulnAvailabilityImpact": "NOT_DEFINED",
"modifiedSubConfidentialityImpact": "NOT_DEFINED",
"modifiedVulnConfidentialityImpact": "NOT_DEFINED"
}
}
]
},
"published": "2026-03-05T16:16:19.270",
"references": [
{
"url": "https://docs.google.com/document/d/e/2PACX-1vSds6jjpd38oO_yIAyd1HYtKNUuea-I-ozAPpGhYI7QgAU-QGJ7D8a4rOZVj1vmiUXV1EcdRHf9aZAW/pub",
"tags": [
"Exploit",
"Third Party Advisory"
],
"source": "2fdefc65-d750-4b8d-96ee-6e2c0c42dbfe"
},
{
"url": "https://github.com/rustdesk/rustdesk/discussions/4979",
"tags": [
"Issue Tracking"
],
"source": "2fdefc65-d750-4b8d-96ee-6e2c0c42dbfe"
},
{
"url": "https://github.com/rustdesk/rustdesk/discussions/9229",
"tags": [
"Issue Tracking"
],
"source": "2fdefc65-d750-4b8d-96ee-6e2c0c42dbfe"
},
{
"url": "https://www.vulsec.org/",
"tags": [
"Not Applicable"
],
"source": "2fdefc65-d750-4b8d-96ee-6e2c0c42dbfe"
}
],
"vulnStatus": "Analyzed",
"weaknesses": [
{
"type": "Secondary",
"source": "2fdefc65-d750-4b8d-96ee-6e2c0c42dbfe",
"description": [
{
"lang": "en",
"value": "CWE-257"
},
{
"lang": "en",
"value": "CWE-323"
},
{
"lang": "en",
"value": "CWE-916"
},
{
"lang": "en",
"value": "CWE-1321"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution'), Use of Password Hash With Insufficient Computational Effort vulnerability in rustdesk-client RustDesk Client rustdesk, hbb_common on Windows, MacOS, Linux (Password security module, config encryption, machine UID modules) allows Retrieve Embedded Sensitive Data. This vulnerability is associated with program files hbb_common/src/password_security.Rs, hbb_common/src/config.Rs, hbb_common/src/lib.Rs (get_uuid), machine-uid/src/lib.Rs and program routines symmetric_crypt(), encrypt_str_or_original(), decrypt_str_or_original(), get_uuid(), get_machine_id().\n\nThis issue affects RustDesk Client: through 1.4.5."
},
{
"lang": "es",
"value": "Modificaci\u00f3n Inadecuadamente Controlada de Atributos de Prototipo de Objeto ('Contaminaci\u00f3n de Prototipos'), vulnerabilidad de Uso de Hash de Contrase\u00f1a Con Esfuerzo Computacional Insuficiente en rustdesk-client RustDesk Cliente rustdesk, hbb_common en Windows, MacOS, Linux (M\u00f3dulo de seguridad de contrase\u00f1a, cifrado de configuraci\u00f3n, m\u00f3dulos de UID de m\u00e1quina) permite Recuperar Datos Sensibles Incrustados. Esta vulnerabilidad est\u00e1 asociada con los archivos de programa hbb_common/src/password_security.Rs, hbb_common/src/config.Rs, hbb_common/src/lib.Rs (get_uuid), machine-uid/src/lib.Rs y las rutinas de programa symmetric_crypt(), encrypt_str_or_original(), decrypt_str_or_original(), get_uuid(), get_machine_id().\n\nEste problema afecta a RustDesk Cliente: hasta la 1.4.5."
}
],
"lastModified": "2026-03-25T15:47:08.027",
"configurations": [
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:rustdesk:rustdesk:*:*:*:*:-:*:*:*",
"vulnerable": true,
"matchCriteriaId": "70EE9711-C12B-402D-B28E-4CF19EC7BC88",
"versionEndIncluding": "1.4.5"
}
],
"operator": "OR"
},
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*",
"vulnerable": false,
"matchCriteriaId": "387021A0-AF36-463C-A605-32EA7DAC172E"
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*",
"vulnerable": false,
"matchCriteriaId": "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1"
},
{
"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
"vulnerable": false,
"matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA"
}
],
"operator": "OR"
}
],
"operator": "AND"
}
],
"sourceIdentifier": "2fdefc65-d750-4b8d-96ee-6e2c0c42dbfe"
}
}