CVE-2026-58056 – RustDesk – FileTransfer Session Authorization Scope Bypass

CVE ID :CVE-2026-58056

Published : June 28, 2026, 1:32 a.m. | 2 hours, 12 minutes ago

Description :RustDesk gates incoming control messages on per-capability flags rather than on the session’s authorized connection type, and a file-transfer session does not clear those flags. A peer holding only a valid FileTransfer authorization can inject keyboard and mouse input and reach the unguarded screenshot and display-capture handlers, acting outside its granted scope.

Severity: 7.6 | HIGH

Visit the link for more details, such as CVSS details, affected products, timeline, and more…