CVE-2026-30790

216.73.217.22

· Published 05/03/2026 16:16 · Modified 05/03/2026 19:38

Labels: CVE-2026-30790 2026-03-05 2fdefc65-d750-4b8d-96ee-6e2c0c42dbfe CVE-2026-30790 CWE-307

Essential information

Published: 05/03/2026 16:16
Modified: 05/03/2026 19:38
Author: —
Creator: —
CVSS: 9.3 CRITICAL (v3) 9.3 CRITICAL (v4.0)
CISA KEV: No
CWE: —
CVSS vector: —

CVSS metrics

Description

Improper Restriction of Excessive Authentication Attempts, Use of Password Hash With Insufficient Computational Effort vulnerability in rustdesk-server-pro RustDesk Server Pro rustdesk-server-pro on Windows, MacOS, Linux (Peer authentication, API login modules), rustdesk-server RustDesk Server (OSS) rustdesk-server on Windows, MacOS, Linux (Peer authentication, API login modules) allows Password Brute Forcing. This vulnerability is associated with program files src/server/connection.Rs and program routines Salt/challenge generation, SHA256(SHA256(pwd+salt)+challenge) verification. This issue affects RustDesk Server Pro: through 1.7.5; RustDesk Server (OSS): through 1.1.15.

NVD status

Status: Undergoing Analysis — CVE has been recently published to the CVE List and has been received by the NVD.
Source: 2fdefc65-d750-4b8d-96ee-6e2c0c42dbfe
NVD: View on NVD

Affected products (CPE)

Product	CPE
rustdesk / rustdesk server pro	`cpe:2.3:a:rustdesk:rustdesk_server_pro::::::::`
rustdesk / rustdesk server	`cpe:2.3:a:rustdesk:rustdesk_server:<=1.1.15:::::::*`