CVE-2026-58056
RustDesk · RustDesk
RustDesk fails to properly clear capability flags during file-transfer sessions, potentially allowing unauthorized control message execution.
Executive summary
A flaw in RustDesk's session handling allows for potential unauthorized control message execution, posing a high security risk to remote access sessions.
Vulnerability
The vulnerability lies in how RustDesk authorizes incoming control messages: the decision is based on per-capability flags rather than on the validated connection type. Crucially, a file-transfer session does not clear these flags, so control messages that the session type should not permit may still be accepted, potentially allowing an attacker to escalate privileges within an active session.
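The flaw class described above, as an added illustration rather than RustDesk's own code: a hypothetical session model (the `Session`, `Caps`, `ConnType` and `Control` names are assumptions) in which the vulnerable check consults only per-capability flags, beside a hardened check that first asks whether the validated connection type can reach that message class at all, and a mode switch that also drops the unrelated capabilities.

```rust
// Hypothetical model of the bug class, not RustDesk's implementation.
#[derive(Clone, Copy, PartialEq, Debug)]
pub enum ConnType { Default, FileTransfer }

#[derive(Clone, Copy, PartialEq, Debug)]
pub enum Control { Keyboard, Mouse, FileOp }

#[derive(Clone, Copy, Default, Debug)]
pub struct Caps { pub keyboard: bool, pub mouse: bool, pub file: bool }

pub struct Session { pub conn_type: ConnType, pub caps: Caps }

impl Session {
    /// Assumed login flow: capabilities are granted before the connection
    /// type is settled, which is why stale flags can outlive a mode change.
    pub fn new(conn_type: ConnType, caps: Caps) -> Self { Session { conn_type, caps } }

    fn has_capability(&self, msg: Control) -> bool {
        match msg {
            Control::Keyboard => self.caps.keyboard,
            Control::Mouse => self.caps.mouse,
            Control::FileOp => self.caps.file,
        }
    }

    /// Vulnerable pattern: trusts the per-capability flag alone, so a
    /// file-transfer session with leftover input flags still accepts input.
    pub fn allowed_vulnerable(&self, msg: Control) -> bool {
        self.has_capability(msg)
    }

    /// Hardened pattern: the validated connection type decides which message
    /// classes are reachable; only then does the capability flag apply.
    pub fn allowed_hardened(&self, msg: Control) -> bool {
        let reachable = match self.conn_type {
            ConnType::FileTransfer => msg == Control::FileOp,
            ConnType::Default => true,
        };
        reachable && self.has_capability(msg)
    }

    /// Defence in depth: switching to file transfer also clears the flags
    /// that have no meaning in that mode, so even the flag-only check fails closed.
    pub fn enter_file_transfer(&mut self) {
        self.conn_type = ConnType::FileTransfer;
        self.caps.keyboard = false;
        self.caps.mouse = false;
    }
}
```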
Business impact
With a CVSS score of 7.6, this vulnerability represents a significant threat to remote support and management environments. Exploitation could allow an attacker to bypass intended session restrictions, leading to unauthorized file access or remote code execution on the target host.
Remediation
Immediate Action: Update the RustDesk client and server components to the latest version as soon as the vendor provides a patch.
Proactive Monitoring: Monitor remote session logs for anomalous file transfer activity or unexpected command execution during active connections.
Compensating Controls: Implement network segmentation to limit the reach of remote support tools and ensure sessions are strictly controlled and monitored.
Exploitation status
Public Exploit Available: false
Analyst recommendation
Users of RustDesk should monitor the official vendor channels for release updates. In environments where remote access is critical, ensure that only authorized users can initiate sessions to reduce the attack surface.