CVE-2026-30790: CWE-307 Improper Restriction of Excessive Authentication Attempts in rustdesk-server-pro RustDesk Server Pro
Improper Restriction of Excessive Authentication Attempts, Use of Password Hash With Insufficient Computational Effort vulnerability in rustdesk-server-pro RustDesk Server Pro rustdesk-server-pro on Windows, MacOS, Linux (Peer authentication, API login modules), rustdesk-server RustDesk Server (OSS) rustdesk-server on Windows, MacOS, Linux (Peer authentication, API login modules) allows Password Brute Forcing. This vulnerability is associated with program files src/server/connection.Rs and program routines Salt/challenge generation, SHA256(SHA256(pwd+salt)+challenge) verification. This issue affects RustDesk Server Pro: through 1.7.5; RustDesk Server (OSS): through 1.1.15.
AI-Powered Analysis
Machine-generated threat intelligence
Technical Summary
CVE-2026-30790 is a critical vulnerability in RustDesk Server Pro (through version 1.7.5) and the open-source RustDesk Server (through version 1.1.15). It combines two weaknesses: improper restriction of excessive authentication attempts (CWE-307) and use of a password hash with insufficient computational effort (CWE-916). The affected components are the peer authentication and API login modules on Windows, macOS, and Linux. Password verification uses a double SHA-256 scheme over salt and challenge values, SHA256(SHA256(pwd+salt)+challenge), which is fast to compute and therefore cheap to brute force, and the server applies no rate limiting or lockout to repeated authentication attempts, so guesses can be submitted without restriction. Together these substantially lower the cost of guessing valid credentials and can lead to unauthorized access. The advisory ties the flaw to src/server/connection.Rs and the salt/challenge generation and verification routines. The CVSS 4.0 vector indicates a network attack vector with no privileges or user interaction required and high impact on confidentiality and integrity, consistent with the critical rating. No exploitation in the wild is currently known, but every deployment of RustDesk Server Pro or OSS on a version prior to the fixed releases is exposed.
Potential Impact
The impact of CVE-2026-30790 is severe for organizations that use RustDesk Server Pro or the open-source RustDesk Server for remote desktop and peer-to-peer communication. Successful exploitation lets a remote, unauthenticated attacker brute force user credentials without any user interaction, which can lead to unauthorized access to internal networks, exposure of sensitive data, and lateral movement within enterprise environments. Because RustDesk is a remote desktop solution, a compromised server could be used to control endpoints, exfiltrate data, deploy malware, or disrupt operations. The vulnerability affects Windows, macOS, and Linux deployments alike, which broadens the attack surface. Organizations that rely on RustDesk for secure remote access, especially in finance, healthcare, government, and critical infrastructure, face heightened risk of data breaches and operational disruption. The absence of patches at the time of disclosure increases exposure, and the critical CVSS score underscores the urgency of remediation. Although no active exploitation has been reported, the low effort required and the high impact on confidentiality and integrity make this vulnerability an attractive target once exploit code becomes available.
Mitigation Recommendations
To mitigate CVE-2026-30790, organizations should immediately implement the following measures:
1) Deploy network-level protections such as Web Application Firewalls (WAFs) or Intrusion Prevention Systems (IPS) configured to detect and block brute force authentication attempts against RustDesk Server endpoints.
2) Enforce strong password policies and consider multi-factor authentication (MFA) for all RustDesk user accounts to reduce the impact of a guessed credential.
3) Monitor authentication logs closely for repeated failed login attempts, and add rate limiting or account lockout at the network or application layer where the native controls are insufficient.
4) Isolate RustDesk servers in segmented network zones with strict access controls to limit lateral movement if a server is compromised.
5) Update RustDesk Server Pro and OSS installations to the patched versions as soon as the vendor releases fixes for this vulnerability.
6) As a temporary measure, disable the API login modules or peer authentication features where feasible until patches are applied.
7) Educate administrators and users about the risk of brute force attacks and encourage vigilance for suspicious activity.
These actions target the specific weaknesses this vulnerability exploits: unrestricted authentication attempts and a cheap-to-compute password hash.
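The following is an added example, not code from RustDesk or the advisory: a Python reconstruction of the challenge/response check the advisory names, SHA256(SHA256(pwd+salt)+challenge), wrapped in the per-peer failure counter and escalating lockout that mitigation item 3 calls for. It assumes the server stores SHA256(pwd+salt) and keys the lockout by peer identifier; the thresholds, class and function names are illustrative.

```python
import hashlib
import hmac
import secrets
from dataclasses import dataclass, field

# Reconstruction of the scheme named in the advisory. The server is assumed to
# hold SHA256(pwd + salt); the peer proves knowledge of it against a fresh
# challenge by returning SHA256(SHA256(pwd + salt) + challenge).
def password_hash(password: str, salt: bytes) -> bytes:
    return hashlib.sha256(password.encode() + salt).digest()

def challenge_response(pwd_hash: bytes, challenge: bytes) -> bytes:
    return hashlib.sha256(pwd_hash + challenge).digest()

def new_challenge() -> bytes:
    return secrets.token_bytes(32)  # one fresh challenge per attempt

@dataclass
class AuthThrottle:
    """Hypothetical CWE-307 mitigation: after `max_failures` misses a peer is
    locked out for base_delay * 2**(failures - max_failures) seconds, capped
    at max_delay. Time is passed in so the policy is deterministic to test."""
    max_failures: int = 5
    base_delay: float = 30.0
    max_delay: float = 3600.0
    _failures: dict = field(default_factory=dict)
    _locked_until: dict = field(default_factory=dict)

    def locked(self, peer: str, now: float) -> bool:
        return now < self._locked_until.get(peer, 0.0)

    def verify(self, peer: str, stored_hash: bytes, challenge: bytes,
               response: bytes, now: float) -> bool:
        if self.locked(peer, now):
            return False  # reject before hashing, even a correct response
        expected = challenge_response(stored_hash, challenge)
        if hmac.compare_digest(expected, response):  # constant-time compare
            self._failures.pop(peer, None)  # success resets the counter
            return True
        n = self._failures.get(peer, 0) + 1
        self._failures[peer] = n
        if n >= self.max_failures:
            delay = self.base_delay * 2 ** (n - self.max_failures)
            self._locked_until[peer] = now + min(delay, self.max_delay)
        return False
```

The throttle addresses only the CWE-307 half; replacing the inner SHA-256 with a memory-hard KDF such as scrypt or Argon2 would address CWE-916 without changing the verify path above.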
Affected Countries
United States, Germany, China, India, United Kingdom, Canada, Australia, France, Japan, South Korea
Technical Details
- Data Version: 5.2
- Assigner Short Name: VULSec
- Date Reserved: 2026-03-05T14:13:37.202Z
- CVSS Version: 4.0
- State: PUBLISHED
Threat ID: 69a9c05f460e1c85df0c5c54
Added to database: 3/5/2026, 5:41:51 PM
Last enriched: 3/12/2026, 7:27:17 PM
Last updated: 4/19/2026, 11:14:22 PM
Views: 143