Monitor vulnerabilities like this one.
Sign up free to get alerted when software you use is affected.
8.8
RustDesk Server allows unauthorized access to critical functions
CVE-2026-30784
Summary
A security flaw in RustDesk Server versions up to 1.7.5 and 1.1.15 allows attackers to bypass access controls and potentially take control of the server. This means that an attacker could exploit this vulnerability to access sensitive areas of the server, which could lead to data breaches or other security incidents. To fix this issue, update to the latest version of RustDesk Server, which includes the necessary security patches.
Original title
Missing Authorization, Missing Authentication for Critical Function vulnerability in rustdesk-server RustDesk Server rustdesk-server, rustdesk-server-pro on hbbs/hbbr on all server platforms (Rende...
Original description
Missing Authorization, Missing Authentication for Critical Function vulnerability in rustdesk-server RustDesk Server rustdesk-server, rustdesk-server-pro on hbbs/hbbr on all server platforms (Rendezvous server (hbbs), relay server (hbbr) modules) allows Privilege Abuse. This vulnerability is associated with program files src/rendezvous_server.Rs, src/relay_server.Rs and program routines handle_punch_hole_request(), RegisterPeer handler, relay forwarding.
This issue affects RustDesk Server: through 1.7.5, through 1.1.15.
This issue affects RustDesk Server: through 1.7.5, through 1.1.15.
nvd CVSS4.0
8.8
Vulnerability type
CWE-306
Missing Authentication for Critical Function
CWE-862
Missing Authorization
Published: 5 Mar 2026 · Updated: 13 Mar 2026 · First seen: 6 Mar 2026