CVE-2026-30790

Name of the Vulnerable Software and Affected Versions RustDesk Server Pro versions through 1.7.5 RustDesk Server (OSS) versions through 1.1.15

Description The software contains a flaw related to insufficient restriction of excessive authentication attempts and the use of a password hash with insufficient computational effort, potentially allowing password brute forcing. The issue impacts the peer authentication and API login modules. The vulnerability is linked to code within the src/server/connection.Rs file, specifically concerning salt and challenge generation, and the SHA256(SHA256(pwd+salt)+challenge) verification process.

Recommendations Update RustDesk Server Pro to a version later than 1.7.5. Update RustDesk Server (OSS) to a version later than 1.1.15.