CVE-2026-30790

CRITICAL

9.8

Description

Improper Restriction of Excessive Authentication Attempts, Use of Password Hash With Insufficient Computational Effort vulnerability in rustdesk-server-pro RustDesk Server Pro rustdesk-server-pro on Windows, MacOS, Linux (Peer authentication, API login modules), rustdesk-server RustDesk Server (OSS) rustdesk-server on Windows, MacOS, Linux (Peer authentication, API login modules) allows Password Brute Forcing. This vulnerability is associated with program files src/server/connection.Rs and program routines Salt/challenge generation, SHA256(SHA256(pwd+salt)+challenge) verification. This issue affects RustDesk Server Pro: through 1.7.5; RustDesk Server (OSS): through 1.1.15.

Details CVE

Score CVSS v3.19.8

SeveriteCRITICAL

Vecteur CVSSCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Vecteur d'attaqueNETWORK

ComplexiteLOW

Privileges requisNONE

Interaction utilisateurNONE

Publie3/5/2026

Derniere modification3/25/2026

Sourcenvd

Observations honeypot0

Produits affectes

apple:macoslinux:linux_kernelmicrosoft:windowsrustdesk:rustdesk_server

Faiblesses (CWE)

CWE-307CWE-916

References

https://docs.google.com/document/d/e/2PACX-1vSds6jjpd38oO_yIAyd1HYtKNUuea-I-ozAPpGhYI7QgAU-QGJ7D8a4rOZVj1vmiUXV1EcdRHf9aZAW/pub(2fdefc65-d750-4b8d-96ee-6e2c0c42dbfe)

https://github.com/rustdesk(2fdefc65-d750-4b8d-96ee-6e2c0c42dbfe)

https://www.vulsec.org/(2fdefc65-d750-4b8d-96ee-6e2c0c42dbfe)

Correlations IOC

Aucune correlation enregistree

This product uses data from the NVD API but is not endorsed or certified by the NVD.