Improper Authentication Restrictions in RustDesk Server Pro and OSS from RustDesk
CVE-2026-30790

9.3CRITICAL

Key Information:

Vendor

Rustdesk-server-pro

Status
Rustdesk Server Pro
Rustdesk Server (oss)
Vendor
CVE Published:
5 March 2026

Badges

๐Ÿ‘พ Exploit Exists

What is CVE-2026-30790?

A vulnerability in RustDesk Server Pro and OSS allows attackers to exploit improper restrictions on authentication attempts, facilitating password brute forcing. The affected systems utilize weak password hashing mechanisms and insufficient computational effort in their authentication workflows, making it easier for unauthorized individuals to gain access. Users are encouraged to update to the latest versions to mitigate the risk.

Affected Version(s)

RustDesk Server (OSS) Windows 0 <= 1.1.15

RustDesk Server Pro Windows 0 <= 1.7.5

References

https://github.com/rustdesk
product
https://docs.google.com/document/d/e/2PACX-1vSds6jjpd38oO...
third-party-advisoryexploit
https://www.vulsec.org/
vdb-entrythird-party-advisory

CVSS V4

Score:
9.3
Severity:
CRITICAL
Confidentiality:
High
Integrity:
High
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
None

Timeline

  • ๐ŸŸก

    Public PoC available

  • ๐Ÿ‘พ

    Exploit known to exist

  • Vulnerability published

  • Vulnerability Reserved

Credit

Erez Kalman
Erez Kalman
.