CVE-2026-2490

5.5 MEDIUM

📋 TL;DR

This vulnerability in RustDesk Client for Windows allows local attackers with low-privileged code execution to read arbitrary files on the system by exploiting symbolic link handling in the Transfer File feature. The attack can disclose sensitive information with SYSTEM-level privileges. Only Windows installations of RustDesk Client are affected.

💻 Affected Systems

Products:
  • RustDesk Client for Windows
Versions: Versions prior to the fix in PR #13736
Operating Systems: Windows
Default Config Vulnerable: ⚠️ Yes
Notes: Only affects Windows clients when the Transfer File feature is used. Requires a local attacker who can already execute low-privileged code.

⚠️ Manual Verification Required

This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.

Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).


Recommended Actions:
  1. Review the CVE details at NVD
  2. Check vendor security advisories for your specific version
  3. Test if the vulnerability is exploitable in your environment
  4. Consider updating to the latest version as a precaution

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete system compromise through disclosure of sensitive files such as the SAM database, configuration files, or credentials, potentially leading to privilege escalation or lateral movement.

🟠 Likely Case

Local information disclosure of user files, configuration data, or temporary files that could contain sensitive information.

🟢 If Mitigated

Limited impact with proper access controls and monitoring in place, restricting low-privileged code execution opportunities.

🌐 Internet-Facing: LOW - Requires local access and low-privileged code execution first.
🏢 Internal Only: MEDIUM - Internal attackers with initial access could leverage this for privilege escalation or data exfiltration.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: LIKELY
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploitation requires local access and the ability to execute code first. Symbolic link manipulation is a well-understood technique.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Version containing fix from PR #13736

Vendor Advisory: https://github.com/rustdesk/rustdesk/pull/13736

Restart Required: Yes

Instructions:

  1. Update RustDesk Client to the latest version.
  2. Verify that the version includes the fix from PR #13736.
  3. Restart the RustDesk service/application.

🔧 Temporary Workarounds

Disable Transfer File Feature (Windows)

Temporarily disable the Transfer File functionality to prevent exploitation

Configure RustDesk settings to disable file transfer capabilities

Restrict Symbolic Link Creation (Windows)

Apply Windows policies to restrict symbolic link creation for low-privileged users

Use Group Policy: Computer Configuration > Windows Settings > Security Settings > Local Policies > User Rights Assignment > Create symbolic links
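
To confirm that the "Create symbolic links" policy above is actually in effect on a host, the following PowerShell check exports the local User Rights Assignment and lists every principal holding `SeCreateSymbolicLinkPrivilege`. It is an added example, not part of the original advisory or of RustDesk; treating the built-in Administrators group as the only expected holder is an assumption to adjust for your environment.

```powershell
# Added example: list who holds "Create symbolic links" (SeCreateSymbolicLinkPrivilege).
# Run from an elevated prompt; secedit needs administrator rights to export policy.
$cfg = Join-Path $env:TEMP ("user-rights-{0}.inf" -f [guid]::NewGuid())
try {
    # Export only the User Rights Assignment area of the effective local policy.
    secedit.exe /export /cfg $cfg /areas USER_RIGHTS /quiet | Out-Null
    if ($LASTEXITCODE -ne 0 -or -not (Test-Path $cfg)) {
        throw "secedit export failed (exit code $LASTEXITCODE)."
    }

    $line = Get-Content -Path $cfg |
        Where-Object { $_ -match '^\s*SeCreateSymbolicLinkPrivilege\s*=' } |
        Select-Object -First 1

    # A missing line means the right is granted to nobody.
    $entries = @()
    if ($line) {
        $entries = @(($line -split '=', 2)[1] -split ',' |
            ForEach-Object { $_.Trim() } | Where-Object { $_ })
    }

    $report = foreach ($entry in $entries) {
        $sid = $null
        $name = $entry                      # entries without '*' are already names
        if ($entry.StartsWith('*')) {       # secedit prefixes SIDs with an asterisk
            $sid = $entry.Substring(1)
            try {
                $sidObj = New-Object System.Security.Principal.SecurityIdentifier($sid)
                $name = $sidObj.Translate([System.Security.Principal.NTAccount]).Value
            } catch { $name = '(unresolved SID)' }   # e.g. a deleted account
        }
        [pscustomobject]@{
            Principal = $name
            Sid       = $sid
            # Assumption: only built-in Administrators (S-1-5-32-544) is expected.
            Expected  = ($sid -eq 'S-1-5-32-544')
        }
    }

    $report | Format-Table -AutoSize
    $extra = @($report | Where-Object { -not $_.Expected })
    if ($extra.Count -gt 0) {
        Write-Warning "$($extra.Count) principal(s) besides Administrators can create symbolic links; review them."
    }
}
finally {
    Remove-Item -Path $cfg -ErrorAction SilentlyContinue
}
```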

🧯 If You Can't Patch

  • Implement strict access controls to prevent low-privileged code execution on systems
  • Monitor for suspicious file access patterns and symbolic link creation activities

🔍 How to Verify

Check if Vulnerable:

Check the RustDesk version. If it predates the fix in PR #13736, the system is vulnerable.

Check Version:

Check the RustDesk About dialog or the installed program version in Windows.

Verify Fix Applied:

Verify that the RustDesk version includes the changes from PR #13736, and test the Transfer File feature with symbolic links.

📡 Detection & Monitoring

Log Indicators:

  • Unusual file access patterns through RustDesk
  • Multiple failed file transfer attempts
  • Symbolic link creation in temporary directories

Network Indicators:

  • Unexpected file transfer traffic from RustDesk clients

SIEM Query:

Process:rustdesk.exe AND (FileAccess:* OR NetworkConnection:*)
