CVE-2026-57850

HIGH

RustDesk before 1.4.9 Missing Session Scope Enforcement Allows Out-of-Scope Control Message Injection

Title source: cna
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2026-57850. PoCs published by sn0x-sharma.

AI-analyzed exploit summary This repository provides a detailed technical analysis of CVE-2026-57850, a relay handshake downgrade vulnerability in RustDesk. The vulnerability allows a relay-position attacker to strip or invalidate signed peer key material, forcing a session into plaintext and enabling observation of authentication traffic and injection of control messages post-authentication.

Description

RustDesk before 1.4.9 does not enforce a session's authorized connection scope on the server side, so a peer granted a limited session type (FileTransfer, PortForward, ViewCamera, or Terminal) can send control messages and login options reserved for a full Remote session. An authenticated remote peer can exploit this missing scope check to act outside its granted scope, injecting out-of-scope control messages to observe and control the host beyond the permissions it was given.

Exploits (1)

github WRITEUP
by sn0x-sharma · poc
https://github.com/sn0x-sharma/CVE-2026-57850

This repository provides a detailed technical analysis of CVE-2026-57850, a relay handshake downgrade vulnerability in RustDesk. The vulnerability allows a relay-position attacker to strip or invalidate signed peer key material, forcing a session into plaintext and enabling observation of authentication traffic and injection of control messages post-authentication.

Classification
Writeup 98%
Attack Type
Auth Bypass
Complexity
Moderate
Reliability
Reliable
Target: RustDesk < 1.4.9
No auth needed
Prerequisites: Attacker must control the relay/rendezvous metadata path (self-hosted relay or MITM position) · Legitimate user must complete normal RustDesk authentication
mistral-large-3 · analyzed Jul 12, 2026 Full analysis →

References (4)

Core 4
Core References
Issue Tracking issue-tracking
Fix Pull Request #15469
https://github.com/rustdesk/rustdesk/pull/15469
Release Notes release-notes
RustDesk 1.4.9 Release
https://github.com/rustdesk/rustdesk/releases/tag/1.4.9
Product product
Product
https://github.com/rustdesk/rustdesk

Scores

CVSS v3 8.3
EPSS 0.0033
EPSS Percentile 25.5%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L

CISA SSVC

Vulnrichment
Exploitation poc
Automatable no
Technical Impact total

Details

CWE
CWE-862
Status published
Products (1)
RustDesk/RustDesk < 1.4.9
Published Jul 10, 2026
Tracked Since Jul 11, 2026