CVE-2026-30790CRITICAL 9.8EPSS p32.0%

CVE-2026-30790CVE-2026-30790

Description

Improper Restriction of Excessive Authentication Attempts, Use of Password Hash With Insufficient Computational Effort vulnerability in rustdesk-server-pro RustDesk Server Pro rustdesk-server-pro on Windows, MacOS, Linux (Peer authentication, API login modules), rustdesk-server RustDesk Server (OSS) rustdesk-server on Windows, MacOS, Linux (Peer authentication, API login modules) allows Password Brute Forcing. This vulnerability is associated with program files src/server/connection.Rs and program routines Salt/challenge generation, SHA256(SHA256(pwd+salt)+challenge) verification. This issue affects RustDesk Server Pro: through 1.7.5; RustDesk Server (OSS): through 1.1.15.

Scoring

CVSS 3.19.8 (CRITICAL)
VectorCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS0.40% probability of exploitation · percentile 32.0% · 2026-06-18T12:00:27Z
Published2026-03-05
Last modified2026-03-25

Underlying weaknesses· 2

CWE-307CWE-916

References

  1. https://docs.google.com/document/d/e/2PACX-1vSds6jjpd38oO_yIAyd1HYtKNUuea-I-ozAPpGhYI7QgAU-QGJ7D8a4rOZVj1vmiUXV1EcdRHf9aZAW/pub
  2. https://github.com/rustdesk
  3. https://www.vulsec.org/

2

TypeTargetConfidenceTier
WeaknessImproper Restriction of Excessive Authentication Attemptscwe-3070%live
WeaknessUse of Password Hash With Insufficient Computational Effortcwe-9160%live

Related by meaning· 6

Nearest entities by semantic similarity across the cs-graph corpus.

CVE
CVE-2026-30789
CVE
CVE-2026-30784
CVE
CVE-2026-30783
CVE
CVE-2026-30793
CVE
CVE-2026-30794
CVE
CVE-2026-30792
Sourced from NVD + FIRST.org EPSS. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.