CVE-2026-57850

RustDesk · RustDesk

A missing authorization vulnerability in RustDesk allows authenticated users to gain unauthorized access to sensitive functionality, potentially leading to full system compromise.

Executive summary

A missing authorization flaw in RustDesk enables authenticated attackers to perform unauthorized actions, presenting a high risk to remote access infrastructure.

Vulnerability

This vulnerability (CWE-862) involves the lack of proper authorization checks for specific actions, allowing an authenticated attacker to execute operations that should be restricted to higher-privileged users.

Business impact

A successful exploit poses a critical threat to remote management systems, potentially allowing an attacker to gain unauthorized control over connected endpoints. With a CVSS score of 8.3, the vulnerability facilitates unauthorized access to sensitive data and system configurations. This could result in widespread unauthorized remote control of enterprise assets, creating significant reputational and security risks for the organization.

Remediation

Immediate Action: Update all RustDesk installations to version 1.4.9 or later to remediate the authorization deficiency.

Proactive Monitoring: Monitor connection logs for unusual remote access requests or unauthorized changes to client settings and security configurations.

Compensating Controls: Where updates cannot be applied immediately, restrict network access to the RustDesk infrastructure to known, trusted IP addresses only.

Exploitation status

Public Exploit Available: false

Analyst recommendation

The severity of this vulnerability necessitates immediate action. Administrators must verify their current version of RustDesk and update to 1.4.9 as soon as possible to prevent potential unauthorized access to remote management capabilities.