• Advisory Details RustDesk Client for Windows Transfer File Link Following Information Disclosure Vulnerability ZDI-26-117ZDI-CAN-27909 This vulnerability allows local attackers to disclose sensitive information on affected installations of RustDesk Client for Windows. • An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. • The specific flaw exists within the Transfer File feature. • By uploading a symbolic link, an attacker can abuse the service to read arbitrary files. • An attacker can leverage this vulnerability to disclose information in the context of SYSTEM. • 2025-09-11 - Vulnerability reported to vendor 2026-02-19 - Coordinated public release of advisory 2026-02-19 - Advisory Updated General Inquiries Find us on X Find us on Mastodon Media Inquiries Sensitive Email Communications Our Mission TrendAI TippingPoint IPS Process Researcher Rewards FAQS Privacy Published Advisories Upcoming Advisories RSS Feeds

Article Summaries:

  • CVE ID | CVE-2026-2490 | CVSS SCORE | 5.5, AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N | AFFECTED VENDORS | RustDesk | AFFECTED PRODUCTS | Client for Windows | VULNERABILITY DETAILS | This vulnerability allows local attackers to disclose sensitive information on affected installations of RustDesk Client for Windows. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the Transfer File feature. By uploading a symbolic link, an attacker can abuse the service to read arbitrary files. An attac

Sources: