CVE-2026-30784

216.73.217.22

· Published 05/03/2026 16:16 · Modified 05/03/2026 19:38

Labels: CVE-2026-30784 2026-03-05 2fdefc65-d750-4b8d-96ee-6e2c0c42dbfe CVE-2026-30784 CWE-306

Essential information

Published: 05/03/2026 16:16
Modified: 05/03/2026 19:38
Author: —
Creator: —
CVSS: 8.8 HIGH (v3) 8.8 HIGH (v4.0)
CISA KEV: No
CWE: —
CVSS vector: —

CVSS metrics

Description

Missing Authorization, Missing Authentication for Critical Function vulnerability in rustdesk-server RustDesk Server rustdesk-server, rustdesk-server-pro on hbbs/hbbr on all server platforms (Rendezvous server (hbbs), relay server (hbbr) modules) allows Privilege Abuse. This vulnerability is associated with program files src/rendezvous_server.Rs, src/relay_server.Rs and program routines handle_punch_hole_request(), RegisterPeer handler, relay forwarding. This issue affects RustDesk Server: through 1.7.5, through 1.1.15.

NVD status

Status: Undergoing Analysis — CVE has been recently published to the CVE List and has been received by the NVD.
Source: 2fdefc65-d750-4b8d-96ee-6e2c0c42dbfe
NVD: View on NVD

Affected products (CPE)

Product	CPE
rustdesk / rustdesk-server	`cpe:2.3:a:rustdesk:rustdesk-server:<1.7.5:::::::*`
rustdesk / rustdesk-server-pro	`cpe:2.3:a:rustdesk:rustdesk-server-pro:<1.1.15:::::::*`