{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-30796", "assignerOrgId": "2fdefc65-d750-4b8d-96ee-6e2c0c42dbfe", "state": "PUBLISHED", "assignerShortName": "VULSec", "dateReserved": "2026-03-05T14:13:37.203Z", "datePublished": "2026-03-05T15:30:39.605Z", "dateUpdated": "2026-06-22T13:17:31.551Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "2fdefc65-d750-4b8d-96ee-6e2c0c42dbfe", "shortName": "VULSec", "dateUpdated": "2026-06-22T13:17:31.551Z"}, "title": "RustDesk Client Transmits Preset Address Book Password Verbatim in Heartbeat Sync", "datePublic": "2026-03-05T13:45:00.000Z", "problemTypes": [{"descriptions": [{"lang": "en", "cweId": "CWE-522", "description": "CWE-522 Insufficiently Protected Credentials", "type": "CWE"}]}], "impacts": [{"capecId": "CAPEC-157", "descriptions": [{"lang": "en", "value": "CAPEC-157 Sniffing Attacks"}]}], "affected": [{"vendor": "rustdesk-client", "product": "RustDesk Client", "platforms": ["Windows", "MacOS", "Linux", "iOS", "Android"], "collectionURL": "https://github.com/rustdesk/rustdesk/releases", "packageName": "rustdesk-client", "repo": "https://github.com/rustdesk/rustdesk,https://github.com/rustdesk/hbb_common", "modules": ["Address book sync", "Heartbeat sync loop"], "programFiles": ["src/hbbs_http/sync.rs"], "programRoutines": [{"name": "heartbeat sync body builder (emits preset-address-book-password verbatim)"}], "versions": [{"status": "affected", "version": "0", "lessThanOrEqual": "1.4.8", "changes": [{"at": "Server Pro", "status": "affected"}], "versionType": "custom"}], "defaultStatus": "affected"}], "cpeApplicability": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:rustdesk-client:rustdesk_client:*:*:windows:*:*:*:*:*", "versionEndIncluding": "1.4.8", "versionStartIncluding": "0", "vulnerable": true}, {"criteria": "cpe:2.3:a:rustdesk-client:rustdesk_client:*:*:macos:*:*:*:*:*", "versionEndIncluding": "1.4.8", "versionStartIncluding": "0", "vulnerable": true}, {"criteria": "cpe:2.3:a:rustdesk-client:rustdesk_client:*:*:linux:*:*:*:*:*", "versionEndIncluding": "1.4.8", "versionStartIncluding": "0", "vulnerable": true}, {"criteria": "cpe:2.3:a:rustdesk-client:rustdesk_client:*:*:ios:*:*:*:*:*", "versionEndIncluding": "1.4.8", "versionStartIncluding": "0", "vulnerable": true}, {"criteria": "cpe:2.3:a:rustdesk-client:rustdesk_client:*:*:android:*:*:*:*:*", "versionEndIncluding": "1.4.8", "versionStartIncluding": "0", "vulnerable": true}], "negate": false, "operator": "OR"}], "operator": "OR"}], "descriptions": [{"lang": "en", "value": "Cleartext Transmission of Sensitive Information, Insufficiently Protected Credentials vulnerability in rustdesk-client RustDesk Client rustdesk-client on Windows, MacOS, Linux, iOS, Android (Address book sync, Heartbeat sync loop modules) allows Sniffing Attacks.\n\nThe client places the preset address-book password verbatim into the heartbeat sync JSON body (src/hbbs_http/sync.rs). Over an intact HTTPS session it is not exposed in transit, but it is a reusable shared secret rather than a zero-knowledge proof, so it is recovered by any party that becomes the API endpoint - under the automatic invalid-certificate TLS downgrade (CVE-2026-30794) or a re-homed/rogue API server (CVE-2026-30797) - and the leaked credential then authorizes the server-side address book.\n\nThis vulnerability is associated with program files src/hbbs_http/sync.rs and program routines heartbeat sync body builder (emits preset-address-book-password).\n\nThis issue affects RustDesk Client: through 1.4.8.", "supportingMedia": [{"type": "text/html", "base64": false, "value": "Cleartext Transmission of Sensitive Information, Insufficiently Protected Credentials vulnerability in rustdesk-client RustDesk Client rustdesk-client on Windows, MacOS, Linux, iOS, Android (Address book sync, Heartbeat sync loop modules) allows Sniffing Attacks.<br><br>The client places the preset address-book password verbatim into the heartbeat sync JSON body (src/hbbs_http/sync.rs). Over an intact HTTPS session it is not exposed in transit, but it is a reusable shared secret rather than a zero-knowledge proof, so it is recovered by any party that becomes the API endpoint - under the automatic invalid-certificate TLS downgrade (CVE-2026-30794) or a re-homed/rogue API server (CVE-2026-30797) - and the leaked credential then authorizes the server-side address book.<br><br>This vulnerability is associated with program files src/hbbs_http/sync.rs and program routines heartbeat sync body builder (emits preset-address-book-password).<br><br>This issue affects RustDesk Client: through 1.4.8."}]}], "references": [{"url": "https://rustdesk.com/docs/en/", "tags": ["technical-description", "x_--config documentation"]}, {"url": "https://docs.google.com/document/d/e/2PACX-1vSds6jjpd38oO_yIAyd1HYtKNUuea-I-ozAPpGhYI7QgAU-QGJ7D8a4rOZVj1vmiUXV1EcdRHf9aZAW/pub", "tags": ["third-party-advisory", "exploit"]}, {"url": "https://www.vulsec.org/", "tags": ["vdb-entry", "third-party-advisory"]}], "metrics": [{"format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}], "cvssV4_0": {"attackVector": "NETWORK", "attackComplexity": "LOW", "attackRequirements": "PRESENT", "privilegesRequired": "NONE", "userInteraction": "NONE", "vulnConfidentialityImpact": "NONE", "subConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "NONE", "subIntegrityImpact": "NONE", "vulnAvailabilityImpact": "NONE", "subAvailabilityImpact": "NONE", "exploitMaturity": "NOT_DEFINED", "Safety": "NOT_DEFINED", "Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "valueDensity": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED", "version": "4.0", "baseSeverity": "MEDIUM", "baseScore": 6.9, "vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:N/SC:H/SI:N/SA:N"}}], "configurations": [{"lang": "en", "value": "Client with a preset address book password configured", "supportingMedia": [{"type": "text/html", "base64": false, "value": "Client with a preset address book password configured"}]}], "workarounds": [{"lang": "en", "value": "Avoid setting address book passwords; use account-based access only", "supportingMedia": [{"type": "text/html", "base64": false, "value": "Avoid setting address book passwords; use account-based access only"}]}], "solutions": [{"lang": "en", "value": "Transition Address Book API to SRP (Secure Remote Password)", "supportingMedia": [{"type": "text/html", "base64": false, "value": "Transition Address Book API to SRP (Secure Remote Password)"}]}], "exploits": [{"lang": "en", "value": "PoC available. Trivially exploitable.", "supportingMedia": [{"type": "text/html", "base64": false, "value": "PoC available. Trivially exploitable.<br>"}]}], "credits": [{"lang": "en", "value": "Erez Kalman", "type": "finder"}, {"lang": "en", "value": "Erez Kalman", "type": "reporter"}], "source": {"discovery": "UNKNOWN"}, "x_generator": {"engine": "Vulnogram 0.5.0"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-03-17T14:31:35.721954Z", "id": "CVE-2026-30796", "options": [{"Exploitation": "poc"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-17T14:31:39.098Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-30796", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-03-17T14:31:35.721954Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-05T16:34:58.670Z"}}], "cna": {"title": "RustDesk Client Transmits Preset Address Book Password Verbatim in Heartbeat Sync", "source": {"discovery": "UNKNOWN"}, "credits": [{"lang": "en", "type": "finder", "value": "Erez Kalman"}, {"lang": "en", "type": "reporter", "value": "Erez Kalman"}], "impacts": [{"capecId": "CAPEC-157", "descriptions": [{"lang": "en", "value": "CAPEC-157 Sniffing Attacks"}]}], "metrics": [{"format": "CVSS", "cvssV4_0": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "NOT_DEFINED", "baseScore": 6.9, "Automatable": "NOT_DEFINED", "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:N/SC:H/SI:N/SA:N", "exploitMaturity": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED", "userInteraction": "NONE", "attackComplexity": "LOW", "attackRequirements": "PRESENT", "privilegesRequired": "NONE", "subIntegrityImpact": "NONE", "vulnIntegrityImpact": "NONE", "subAvailabilityImpact": "NONE", "vulnAvailabilityImpact": "NONE", "subConfidentialityImpact": "HIGH", "vulnConfidentialityImpact": "NONE", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"repo": "https://github.com/rustdesk/rustdesk,https://github.com/rustdesk/hbb_common", "vendor": "rustdesk-client", "modules": ["Address book sync", "Heartbeat sync loop"], "product": "RustDesk Client", "versions": [{"status": "affected", "changes": [{"at": "Server Pro", "status": "affected"}], "version": "0", "versionType": "custom", "lessThanOrEqual": "1.4.8"}], "platforms": ["Windows", "MacOS", "Linux", "iOS", "Android"], "packageName": "rustdesk-client", "programFiles": ["src/hbbs_http/sync.rs"], "collectionURL": "https://github.com/rustdesk/rustdesk/releases", "defaultStatus": "affected", "programRoutines": [{"name": "heartbeat sync body builder (emits preset-address-book-password verbatim)"}]}], "exploits": [{"lang": "en", "value": "PoC available. Trivially exploitable.", "supportingMedia": [{"type": "text/html", "value": "PoC available. Trivially exploitable.<br>", "base64": false}]}], "solutions": [{"lang": "en", "value": "Transition Address Book API to SRP (Secure Remote Password)", "supportingMedia": [{"type": "text/html", "value": "Transition Address Book API to SRP (Secure Remote Password)", "base64": false}]}], "datePublic": "2026-03-05T13:45:00.000Z", "references": [{"url": "https://rustdesk.com/docs/en/", "tags": ["technical-description", "x_--config documentation"]}, {"url": "https://docs.google.com/document/d/e/2PACX-1vSds6jjpd38oO_yIAyd1HYtKNUuea-I-ozAPpGhYI7QgAU-QGJ7D8a4rOZVj1vmiUXV1EcdRHf9aZAW/pub", "tags": ["third-party-advisory", "exploit"]}, {"url": "https://www.vulsec.org/", "tags": ["vdb-entry", "third-party-advisory"]}], "workarounds": [{"lang": "en", "value": "Avoid setting address book passwords; use account-based access only", "supportingMedia": [{"type": "text/html", "value": "Avoid setting address book passwords; use account-based access only", "base64": false}]}], "x_generator": {"engine": "Vulnogram 0.5.0"}, "descriptions": [{"lang": "en", "value": "Cleartext Transmission of Sensitive Information, Insufficiently Protected Credentials vulnerability in rustdesk-client RustDesk Client rustdesk-client on Windows, MacOS, Linux, iOS, Android (Address book sync, Heartbeat sync loop modules) allows Sniffing Attacks.\n\nThe client places the preset address-book password verbatim into the heartbeat sync JSON body (src/hbbs_http/sync.rs). Over an intact HTTPS session it is not exposed in transit, but it is a reusable shared secret rather than a zero-knowledge proof, so it is recovered by any party that becomes the API endpoint - under the automatic invalid-certificate TLS downgrade (CVE-2026-30794) or a re-homed/rogue API server (CVE-2026-30797) - and the leaked credential then authorizes the server-side address book.\n\nThis vulnerability is associated with program files src/hbbs_http/sync.rs and program routines heartbeat sync body builder (emits preset-address-book-password).\n\nThis issue affects RustDesk Client: through 1.4.8.", "supportingMedia": [{"type": "text/html", "value": "Cleartext Transmission of Sensitive Information, Insufficiently Protected Credentials vulnerability in rustdesk-client RustDesk Client rustdesk-client on Windows, MacOS, Linux, iOS, Android (Address book sync, Heartbeat sync loop modules) allows Sniffing Attacks.<br><br>The client places the preset address-book password verbatim into the heartbeat sync JSON body (src/hbbs_http/sync.rs). Over an intact HTTPS session it is not exposed in transit, but it is a reusable shared secret rather than a zero-knowledge proof, so it is recovered by any party that becomes the API endpoint - under the automatic invalid-certificate TLS downgrade (CVE-2026-30794) or a re-homed/rogue API server (CVE-2026-30797) - and the leaked credential then authorizes the server-side address book.<br><br>This vulnerability is associated with program files src/hbbs_http/sync.rs and program routines heartbeat sync body builder (emits preset-address-book-password).<br><br>This issue affects RustDesk Client: through 1.4.8.", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-522", "description": "CWE-522 Insufficiently Protected Credentials"}]}], "configurations": [{"lang": "en", "value": "Client with a preset address book password configured", "supportingMedia": [{"type": "text/html", "value": "Client with a preset address book password configured", "base64": false}]}], "cpeApplicability": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:rustdesk-client:rustdesk_client:*:*:windows:*:*:*:*:*", "vulnerable": true, "versionEndIncluding": "1.4.8", "versionStartIncluding": "0"}, {"criteria": "cpe:2.3:a:rustdesk-client:rustdesk_client:*:*:macos:*:*:*:*:*", "vulnerable": true, "versionEndIncluding": "1.4.8", "versionStartIncluding": "0"}, {"criteria": "cpe:2.3:a:rustdesk-client:rustdesk_client:*:*:linux:*:*:*:*:*", "vulnerable": true, "versionEndIncluding": "1.4.8", "versionStartIncluding": "0"}, {"criteria": "cpe:2.3:a:rustdesk-client:rustdesk_client:*:*:ios:*:*:*:*:*", "vulnerable": true, "versionEndIncluding": "1.4.8", "versionStartIncluding": "0"}, {"criteria": "cpe:2.3:a:rustdesk-client:rustdesk_client:*:*:android:*:*:*:*:*", "vulnerable": true, "versionEndIncluding": "1.4.8", "versionStartIncluding": "0"}], "operator": "OR"}], "operator": "OR"}], "providerMetadata": {"orgId": "2fdefc65-d750-4b8d-96ee-6e2c0c42dbfe", "shortName": "VULSec", "dateUpdated": "2026-06-22T13:17:31.551Z"}}}, "cveMetadata": {"cveId": "CVE-2026-30796", "state": "PUBLISHED", "dateUpdated": "2026-06-22T13:17:31.551Z", "dateReserved": "2026-03-05T14:13:37.203Z", "assignerOrgId": "2fdefc65-d750-4b8d-96ee-6e2c0c42dbfe", "datePublished": "2026-03-05T15:30:39.605Z", "assignerShortName": "VULSec"}, "dataVersion": "5.2"}

{"affected": [{"affectedData": [{"collectionURL": "https://github.com/rustdesk/rustdesk-server-pro/releases", "defaultStatus": "affected", "modules": ["Address book sync API"], "packageName": "rustdesk-server-pro", "platforms": ["Windows", "MacOS", "Linux"], "product": "RustDesk Server Pro", "programFiles": ["Closed source \u2014 API endpoint handling heartbeat sync"], "programRoutines": [{"name": "Heartbeat API handler (accepts preset-address-book-password in plaintext)"}], "vendor": "rustdesk-server-pro", "versions": [{"changes": [{"at": "Server Pro", "status": "affected"}], "lessThanOrEqual": "1.7.5", "status": "affected", "version": "0", "versionType": "custom"}]}], "source": "2fdefc65-d750-4b8d-96ee-6e2c0c42dbfe"}], "configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:rustdesk:rustdesk_server:*:*:*:*:pro:*:*:*", "matchCriteriaId": "4F6E21F9-385D-4DB4-9CD4-EDB43561D9E5", "versionEndIncluding": "1.7.5", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*", "matchCriteriaId": "387021A0-AF36-463C-A605-32EA7DAC172E", "vulnerable": false}, {"criteria": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*", "matchCriteriaId": "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1", "vulnerable": false}, {"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Cleartext Transmission of Sensitive Information vulnerability in rustdesk-server-pro RustDesk Server Pro rustdesk-server-pro on Windows, MacOS, Linux (Address book sync API modules) allows Sniffing Attacks. This vulnerability is associated with program files Closed source \u2014 API endpoint handling heartbeat sync and program routines Heartbeat API handler (accepts preset-address-book-password in plaintext).\n\nThis issue affects RustDesk Server Pro: through 1.7.5."}, {"lang": "es", "value": "Vulnerabilidad de transmisi\u00f3n en texto claro de informaci\u00f3n sensible en rustdesk-server-pro RustDesk Server Pro rustdesk-server-pro en Windows, MacOS, Linux (M\u00f3dulos de API de sincronizaci\u00f3n de libreta de direcciones) permite ataques de sniffing. Esta vulnerabilidad est\u00e1 asociada con archivos de programa de c\u00f3digo cerrado \u2014 punto final de API que gestiona la sincronizaci\u00f3n de latidos y rutinas de programa gestor de API de latidos (acepta preset-address-book-password en texto claro).\n\nEste problema afecta a RustDesk Server Pro: hasta la 1.7.5."}], "id": "CVE-2026-30796", "lastModified": "2026-06-17T10:32:56.087", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}], "cvssMetricV40": [{"cvssData": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "NETWORK", "availabilityRequirement": "NOT_DEFINED", "baseScore": 8.7, "baseSeverity": "HIGH", "confidentialityRequirement": "NOT_DEFINED", "exploitMaturity": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "privilegesRequired": "NONE", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnAvailabilityImpact": "NONE", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "NONE", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "source": "2fdefc65-d750-4b8d-96ee-6e2c0c42dbfe", "type": "Secondary"}], "ssvcV203": [{"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "ssvcData": {"id": "CVE-2026-30796", "options": [{"exploitation": "poc"}, {"automatable": "yes"}, {"technicalImpact": "partial"}], "role": "CISA Coordinator", "timestamp": "2026-03-17T14:31:35.721954Z", "version": "2.0.3"}}]}, "published": "2026-03-05T16:16:21.007", "references": [{"source": "2fdefc65-d750-4b8d-96ee-6e2c0c42dbfe", "tags": ["Exploit", "Third Party Advisory"], "url": "https://docs.google.com/document/d/e/2PACX-1vSds6jjpd38oO_yIAyd1HYtKNUuea-I-ozAPpGhYI7QgAU-QGJ7D8a4rOZVj1vmiUXV1EcdRHf9aZAW/pub"}, {"source": "2fdefc65-d750-4b8d-96ee-6e2c0c42dbfe", "tags": ["Product", "Vendor Advisory"], "url": "https://rustdesk.com/docs/en/"}, {"source": "2fdefc65-d750-4b8d-96ee-6e2c0c42dbfe", "tags": ["Not Applicable"], "url": "https://www.vulsec.org/"}], "sourceIdentifier": "2fdefc65-d750-4b8d-96ee-6e2c0c42dbfe", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-319"}], "source": "2fdefc65-d750-4b8d-96ee-6e2c0c42dbfe", "type": "Secondary"}]}

{}

{"affected": [{"configurations": [{"platform": ["windows", "macos", "linux"], "status": "affected", "versions": {"scheme": "generic", "value": "[0,1.7.5]"}}], "enrichment": {"confidence": 95.0, "confidence_source": "inferred", "scores": [{"score": 95.0, "source": "inferred"}, {"score": 100.0, "source": "matching"}]}, "original": {"product": "RustDesk Server Pro", "source": "cna", "vendor": "rustdesk-server-pro"}, "product": "rustdesk_server_pro", "vendor": "rustdesk-server-pro"}], "created": "2026-03-06T15:01:48.992667+00:00", "updated": "2026-06-22T11:30:05.496607+00:00", "vendors": ["rustdesk-server-pro", "rustdesk-server-pro$PRODUCT$rustdesk_server_pro"]}