CVE-2026-30784 identifies a critical missing authorization and authentication vulnerability in the RustDesk Server software, specifically affecting the rendezvous server (hbbs) and relay server (hbbr) modules. These modules facilitate peer-to-peer connection establishment and relay forwarding for remote desktop sessions. The vulnerability arises from insufficient access control checks in key functions such as handle_punch_hole_request(), RegisterPeer handler, and relay forwarding logic. Because these functions do not enforce proper authentication or authorization, an attacker can exploit this flaw remotely over the network without any privileges or user interaction. This enables privilege abuse scenarios where unauthorized entities may register peers, manipulate relay forwarding, or interfere with connection establishment, potentially leading to unauthorized access, session hijacking, or disruption of service. The vulnerability affects all server platforms running RustDesk Server versions through 1.7.5 and 1.1.15. The CVSS 4.0 vector (AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:L/SC:N/SI:N/SA:N) reflects a network attack vector with low attack complexity, no authentication or user interaction required, no confidentiality impact, high integrity impact, and low availability impact. No public exploits are known yet, but the severity and ease of exploitation make this a critical issue for organizations relying on RustDesk for remote access and management. The lack of patches at the time of reporting necessitates immediate attention to mitigate risk.

The impact of CVE-2026-30784 is significant for organizations using RustDesk Server as it allows unauthenticated attackers to abuse privileges within critical server components. This can lead to unauthorized peer registrations, manipulation of relay forwarding, and potentially unauthorized remote access or session hijacking. The integrity of remote desktop sessions can be compromised, enabling attackers to inject malicious commands or disrupt legitimate connections. Although confidentiality impact is not directly indicated, the ability to interfere with session establishment and relay mechanisms can indirectly expose sensitive operational details or enable lateral movement within networks. The vulnerability’s network accessibility and lack of required authentication make it highly exploitable, increasing the risk of widespread attacks. Organizations relying on RustDesk for remote management, especially in sensitive environments such as enterprises, government agencies, or critical infrastructure, face elevated risks of operational disruption, data integrity breaches, and unauthorized access. The absence of known exploits currently provides a window for proactive mitigation, but the high CVSS score underscores the urgency.

1. Immediately restrict network access to RustDesk Server components (hbbs and hbbr) to trusted internal networks or VPNs to reduce exposure to unauthenticated attackers. 2. Implement strict firewall rules limiting inbound traffic to known and authorized IP addresses and ports used by RustDesk Server. 3. Monitor server logs for unusual peer registration attempts or relay forwarding activities that could indicate exploitation attempts. 4. Employ network segmentation to isolate RustDesk Server infrastructure from critical assets and sensitive data. 5. Until official patches are released, consider disabling or limiting the use of vulnerable modules if operationally feasible. 6. Engage with RustDesk vendor channels to obtain security updates or patches as soon as they become available and prioritize their deployment. 7. Conduct thorough audits of RustDesk Server configurations to ensure no default or weak credentials are in use and that all security best practices are followed. 8. Educate system administrators about this vulnerability and the importance of rapid response to suspicious activities related to remote desktop services. 9. Consider deploying intrusion detection/prevention systems (IDS/IPS) with custom signatures targeting anomalous behaviors in the affected server modules. 10. Plan for incident response readiness in case exploitation attempts are detected.