CVE-2026-2490

MEDIUM 5.5

RustDesk Client for Windows Transfer File Link Following Information Disclosure Vulnerability

CVSS Score

5.5

EPSS Score

0.0%

EPSS Percentile

0th

RustDesk Client for Windows Transfer File Link Following Information Disclosure Vulnerability. This vulnerability allows local attackers to disclose sensitive information on affected installations of RustDesk Client for Windows. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the Transfer File feature. By uploading a symbolic link, an attacker can abuse the service to read arbitrary files. An attacker can leverage this vulnerability to disclose information in the context of SYSTEM. Was ZDI-CAN-27909.

CWE	CWE-59
Vendor	rustdesk
Product	client for windows
Published	Feb 20, 2026
Last Updated	Feb 24, 2026

Stay Ahead of the Next One

Get instant alerts for rustdesk client for windows

Be the first to know when new medium vulnerabilities affecting rustdesk client for windows are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

CVSS v3 Breakdown

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Affected Versions

RustDesk / Client for Windows

1.4.1

References

NVD ↗ CVE.org ↗ EPSS Data ↗

zerodayinitiative.com: https://www.zerodayinitiative.com/advisories/ZDI-26-117/ github.com: https://github.com/rustdesk/rustdesk/pull/13736