QwikSec

Security Database

CVE

CWE

Training

CVE Database
/

CVE-2026-30785

Back to search

CVE-2026-30785

Published: Mar 5, 2026

Modified: Mar 6, 2026

PUBLISHED

Description

Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution'), Use of Password Hash With Insufficient Computational Effort vulnerability in rustdesk-client RustDesk Client rustdesk, hbb_common on Windows, MacOS, Linux (Password security module, config encryption, machine UID modules) allows Retrieve Embedded Sensitive Data. This vulnerability is associated with program files hbb_common/src/password_security.Rs, hbb_common/src/config.Rs, hbb_common/src/lib.Rs (get_uuid), machine-uid/src/lib.Rs and program routines symmetric_crypt(), encrypt_str_or_original(), decrypt_str_or_original(), get_uuid(), get_machine_id(). This issue affects RustDesk Client: through 1.4.5.

VendorProductVersions

rustdesk-client

RustDesk Client

affected
0 - <= 1.4.5

Weaknesses (CWE)

CWE-257
CWE-1321
CWE-323
CWE-916

References

https://github.com/rustdesk/rustdesk/discussions/9229
technical-description
x_--config documentation
https://github.com/rustdesk/rustdesk/discussions/4979
technical-description
x_--config documentation
https://www.vulsec.org/
vdb-entry
third-party-advisory

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now