CVE-2026-30790: CWE-307 Improper Restriction of Excessive Authentication Attempts in rustdesk-server-pro RustDesk Server Pro
Improper Restriction of Excessive Authentication Attempts, Use of Password Hash With Insufficient Computational Effort vulnerability in rustdesk-server-pro RustDesk Server Pro rustdesk-server-pro on Windows, MacOS, Linux (Peer authentication, API login modules), rustdesk-server RustDesk Server (OSS) rustdesk-server on Windows, MacOS, Linux (Peer authentication, API login modules) allows Password Brute Forcing. This vulnerability is associated with program files src/server/connection.Rs and program routines Salt/challenge generation, SHA256(SHA256(pwd+salt)+challenge) verification. This issue affects RustDesk Server Pro: through 1.7.5; RustDesk Server (OSS): through 1.1.15.
AI Analysis
Technical Summary
CVE-2026-30790 identifies a critical security flaw in RustDesk Server Pro and the open-source RustDesk Server, affecting versions through 1.7.5 and 1.1.15 respectively. The vulnerability stems from two primary issues: improper restriction of excessive authentication attempts (CWE-307) and the use of a password hashing mechanism with insufficient computational effort (CWE-916). Specifically, the authentication modules for peer connections and API logins on Windows, MacOS, and Linux use a password verification process built from plain SHA256 over the password, a salt and a challenge value (SHA256(SHA256(pwd+salt)+challenge)). This scheme is computationally weak: each password guess costs only two SHA256 computations, so it does not meaningfully slow down brute force attempts. Moreover, the server does not adequately limit the number or rate of authentication attempts, allowing attackers to perform password brute forcing without restriction. The vulnerability affects core program files such as src/server/connection.Rs and the routines responsible for salt and challenge generation. Exploitation requires no privileges or user interaction, making it remotely exploitable over the network. Successful exploitation can lead to unauthorized access to the server, compromising confidentiality and integrity of the system and potentially enabling further lateral movement or data exfiltration. The CVSS 4.0 score of 9.3 reflects the critical nature of this vulnerability, with network attack vector, low attack complexity, and no required privileges or user interaction. Although no exploits have been reported in the wild yet, the vulnerability presents a significant risk to organizations using affected RustDesk versions.
Potential Impact
The impact of CVE-2026-30790 is severe for organizations worldwide using RustDesk Server Pro or the open-source RustDesk Server for remote desktop and peer-to-peer communication. Successful exploitation allows attackers to brute force authentication credentials remotely without any restrictions, leading to unauthorized access to critical systems. This compromises confidentiality by exposing sensitive data and integrity by allowing attackers to manipulate or disrupt server operations. Availability could also be affected if attackers leverage access to disrupt services or deploy ransomware. Given RustDesk's use in enterprise remote access, IT support, and collaboration, this vulnerability could facilitate lateral movement within networks, data breaches, and persistent access by threat actors. The lack of authentication or user interaction requirements lowers the barrier for attackers, increasing the likelihood of exploitation. Organizations in sectors such as finance, healthcare, government, and critical infrastructure that rely on RustDesk for secure remote access are at heightened risk. The vulnerability also poses risks to supply chains and managed service providers using RustDesk to support clients remotely.
Mitigation Recommendations
To mitigate CVE-2026-30790, organizations should immediately upgrade RustDesk Server Pro to versions later than 1.7.5 and the open-source RustDesk Server to versions later than 1.1.15 once patches are released. Until patches are available, implement network-level protections such as rate limiting and IP blacklisting on authentication endpoints to restrict excessive login attempts. Deploy Web Application Firewalls (WAFs) or intrusion prevention systems (IPS) with rules to detect and block brute force patterns targeting RustDesk authentication modules. Enhance password policies to enforce strong, complex passwords that increase brute force difficulty. Consider integrating multi-factor authentication (MFA) for RustDesk access to add an additional security layer beyond passwords. Monitor authentication logs for unusual or repeated failed login attempts and alert on suspicious activity. Isolate RustDesk servers within segmented network zones with strict access controls to limit exposure. Review and harden server configurations to disable unnecessary services and enforce secure communication channels (e.g., TLS). Finally, educate administrators and users about the risks and signs of brute force attacks to improve detection and response.
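As an added illustration of the two weaknesses described in the technical summary and of the throttling recommended above, the following Python model (not RustDesk's code; byte layout, names, scrypt parameters and lockout limits are assumptions) places the SHA256(SHA256(pwd+salt)+challenge) check next to a hardened variant that uses a memory-hard KDF for the expensive step and counts failed attempts per source:

```python
import hashlib
import hmac
import time

# Scheme as the advisory describes it: two fast SHA-256 calls, no work factor (CWE-916)
def inner_hash(pwd: bytes, salt: bytes) -> bytes:
    return hashlib.sha256(pwd + salt).digest()                   # SHA256(pwd+salt)

def fast_response(pwd: bytes, salt: bytes, challenge: bytes) -> bytes:
    return hashlib.sha256(inner_hash(pwd, salt) + challenge).digest()   # client side

def fast_verify(stored_inner: bytes, challenge: bytes, response: bytes) -> bool:
    # Server side: a guess costs two SHA-256 calls and nothing counts the attempts.
    expected = hashlib.sha256(stored_inner + challenge).digest()
    return hmac.compare_digest(expected, response)

# Hardened variant (assumed design for illustration, not a RustDesk patch)
KDF = dict(n=2 ** 14, r=8, p=1, dklen=32)    # scrypt: ~16 MiB, tens of ms per guess

def slow_key(pwd: bytes, salt: bytes) -> bytes:
    return hashlib.scrypt(pwd, salt=salt, **KDF)    # memory-hard inner step

def slow_response(key: bytes, challenge: bytes) -> bytes:
    return hmac.new(key, challenge, hashlib.sha256).digest()   # keyed challenge step

class AttemptLimiter:
    """CWE-307 control: exponential per-source lockout once free attempts are spent."""
    def __init__(self, max_free=3, base_delay=2.0, now=time.monotonic):
        self.max_free, self.base_delay, self.now = max_free, base_delay, now
        self.state = {}                  # source -> (failures, locked_until)

    def allowed(self, source: str) -> bool:
        return self.now() >= self.state.get(source, (0, 0.0))[1]

    def record(self, source: str, ok: bool) -> None:
        if ok:                           # success clears the history
            self.state.pop(source, None)
            return
        fails = self.state.get(source, (0, 0.0))[0] + 1
        over = fails - self.max_free     # lock 2 s, 4 s, 8 s ... once free tries are spent
        lock = self.now() + self.base_delay * 2 ** (over - 1) if over > 0 else 0.0
        self.state[source] = (fails, lock)

def hardened_verify(limiter, source, stored_key, challenge, response) -> bool:
    if not limiter.allowed(source):
        return False                     # locked out: the credential is never examined
    ok = hmac.compare_digest(slow_response(stored_key, challenge), response)
    limiter.record(source, ok)
    return ok
```

Attempts arriving during a lockout are rejected before any hashing, so hammering a locked source neither costs the server KDF work nor extends the lock; keying the limiter by peer ID as well as source address is worth considering where clients sit behind shared NAT.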
Affected Countries
United States, Germany, United Kingdom, Canada, Australia, France, Japan, South Korea, Netherlands, Sweden, Switzerland, India
Technical Details
- Data Version: 5.2
- Assigner Short Name: VULSec
- Date Reserved: 2026-03-05T14:13:37.202Z
- CVSS Version: 4.0
- State: PUBLISHED
Threat ID: 69a9c05f460e1c85df0c5c54
Added to database: 3/5/2026, 5:41:51 PM
Last enriched: 3/5/2026, 5:50:59 PM
Last updated: 3/5/2026, 7:05:45 PM