PT-2026-23456 · Unknown · Rustdesk Server Pro+1

Erez Kalman

Published

2026-03-05

Updated

2026-03-05

CVE-2026-30790

CVSS v3.1

9.8

Critical

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions RustDesk Server Pro versions through 1.7.5 RustDesk Server (OSS) versions through 1.1.15

Description The software contains a flaw related to insufficient restriction of excessive authentication attempts and the use of a password hash with insufficient computational effort, potentially allowing password brute forcing. The issue impacts the peer authentication and API login modules. The vulnerability is linked to code within the src/server/connection.Rs file, specifically concerning salt and challenge generation, and the SHA256(SHA256(pwd+salt)+challenge) verification process.

Recommendations Update RustDesk Server Pro to a version later than 1.7.5. Update RustDesk Server (OSS) to a version later than 1.1.15.

Exploit

Fix

Improper Restriction of Excessive Authentication Attempts

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-307CWE-916

Related Identifiers

CVE-2026-30790

Affected Products

Rustdesk Server

Rustdesk Server Pro

PT-2026-23456 · Unknown · Rustdesk Server Pro+1

CVE-2026-30790

Weakness Enumeration

Related Identifiers

Affected Products

References · 7