CVE-2026-30790

Improper Restriction of Excessive Authentication Attempts, Use of Password Hash With Insufficient Computational Effort vulnerability in rustdesk-server-pro RustDesk Server Pro rustdesk-server-pro on Windows, MacOS, Linux (Peer authentication, API login modules), rustdesk-server RustDesk Server (OSS) rustdesk-server on Windows, MacOS, Linux (Peer authentication, API login modules) allows Password Brute Forcing. This vulnerability is associated with program files src/server/connection.Rs and program routines Salt/challenge generation, SHA256(SHA256(pwd+salt)+challenge) verification. This issue affects RustDesk Server Pro: through 1.7.5; RustDesk Server (OSS): through 1.1.15.

CVSS v3 9.8 CRITICAL

9.8^/10

CVSS v3 : CRITICAL

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://docs.google.com/document/d/e/2PACX-1vSds6jjpd38oO_yIAyd1HYtKNUuea-I-ozAPpGhYI7QgAU-QGJ7D8a4rOZVj1vmiUXV1EcdRHf9aZAW/pub	Exploit Third Party Advisory
https://github.com/rustdesk	Product
https://www.vulsec.org/	Not Applicable

Configurations

Configuration 1 (hide)

AND

cpe:2.3:a:rustdesk:rustdesk_server:*:*:*:*:pro:*:*:*

OR	cpe:2.3:o:apple:macos:-:::::::*
	cpe:2.3:o:linux:linux_kernel:-:::::::*
	cpe:2.3:o:microsoft:windows:-:::::::*

Configuration 2 (hide)

AND

cpe:2.3:a:rustdesk:rustdesk_server:*:*:*:*:oss:*:*:*

OR	cpe:2.3:o:apple:macos:-:::::::*
	cpe:2.3:o:linux:linux_kernel:-:::::::*
	cpe:2.3:o:microsoft:windows:-:::::::*

History

25 Mar 2026, 15:43

Type	Values Removed	Values Added
CPE		cpe:2.3:o:microsoft:windows:-:::::::* cpe:2.3:a:rustdesk:rustdesk_server:::::pro:::* cpe:2.3:o:linux:linux_kernel:-:::::::* cpe:2.3:a:rustdesk:rustdesk_server:::::oss:::* cpe:2.3:o:apple:macos:-:::::::*
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : unknown v3 : 9.8
First Time		Microsoft Rustdesk rustdesk Server Linux linux Kernel Linux Rustdesk Microsoft windows Apple macos Apple
Summary		(es) Restricción Inadecuada de Intentos Excesivos de Autenticación, vulnerabilidad de Uso de Hash de Contraseña Con Esfuerzo Computacional Insuficiente en rustdesk-server-pro RustDesk Server Pro rustdesk-server-pro en Windows, MacOS, Linux (autenticación de pares, módulos de inicio de sesión de API), rustdesk-server RustDesk Server (OSS) rustdesk-server en Windows, MacOS, Linux (autenticación de pares, módulos de inicio de sesión de API) permite la Fuerza Bruta de Contraseñas. Esta vulnerabilidad está asociada con los archivos de programa src/server/connection.Rs y las rutinas de programa generación de Salt/challenge, verificación de SHA256(SHA256(pwd+salt)+challenge). Este problema afecta a RustDesk Server Pro: hasta 1.7.5; RustDesk Server (OSS): hasta 1.1.15.
References	~~() https://docs.google.com/document/d/e/2PACX-1vSds6jjpd38oO_yIAyd1HYtKNUuea-I-ozAPpGhYI7QgAU-QGJ7D8a4rOZVj1vmiUXV1EcdRHf9aZAW/pub -~~	() https://docs.google.com/document/d/e/2PACX-1vSds6jjpd38oO_yIAyd1HYtKNUuea-I-ozAPpGhYI7QgAU-QGJ7D8a4rOZVj1vmiUXV1EcdRHf9aZAW/pub - Exploit, Third Party Advisory
References	~~() https://github.com/rustdesk -~~	() https://github.com/rustdesk - Product
References	~~() https://www.vulsec.org/ -~~	() https://www.vulsec.org/ - Not Applicable

05 Mar 2026, 19:16

Type	Values Removed	Values Added
References		() https://docs.google.com/document/d/e/2PACX-1vSds6jjpd38oO_yIAyd1HYtKNUuea-I-ozAPpGhYI7QgAU-QGJ7D8a4rOZVj1vmiUXV1EcdRHf9aZAW/pub - () https://www.vulsec.org/ -

05 Mar 2026, 16:16

Type	Values Removed	Values Added
New CVE

Information

Published : 2026-03-05 16:16

Updated : 2026-03-25 15:43

NVD link : CVE-2026-30790

Mitre link : CVE-2026-30790

CVE.ORG link : CVE-2026-30790

JSON object : View

Products Affected

rustdesk

rustdesk_server

linux

linux_kernel

microsoft

windows

apple

macos

CWE

CWE-307

Improper Restriction of Excessive Authentication Attempts

CWE-916

Use of Password Hash With Insufficient Computational Effort

9.8 /10