9.3

RustDesk Server Pro and OSS allow brute-force login attacks

CVE-2026-30790
Summary

If someone tries to guess your login credentials repeatedly, they may be able to get in. This is because the software doesn't limit how many guesses can be made in a short time. To fix this, update to the latest version of RustDesk Server Pro or OSS, which includes security patches to prevent brute-force attacks.

Original title
Improper Restriction of Excessive Authentication Attempts, Use of Password Hash With Insufficient Computational Effort vulnerability in rustdesk-server-pro RustDesk Server Pro rustdesk-server-pro o...
Original description
Improper Restriction of Excessive Authentication Attempts, Use of Password Hash With Insufficient Computational Effort vulnerability in rustdesk-server-pro RustDesk Server Pro rustdesk-server-pro on Windows, MacOS, Linux (Peer authentication, API login modules), rustdesk-server RustDesk Server (OSS) rustdesk-server on Windows, MacOS, Linux (Peer authentication, API login modules) allows Password Brute Forcing. This vulnerability is associated with program files src/server/connection.Rs and program routines Salt/challenge generation, SHA256(SHA256(pwd+salt)+challenge) verification.

This issue affects RustDesk Server Pro: through 1.7.5; RustDesk Server (OSS): through 1.1.15.
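
The two weaknesses named above (CWE-307 and CWE-916), shown from the verifier's side as an added Python example that is not RustDesk code. `fast_proof` follows the construction quoted in the description; `slow_proof`, `AttemptLimiter`, `verify`, the key names and all parameter values are hypothetical illustrations of the usual mitigations, not the vendor's fix.

```python
import hashlib
import hmac

def fast_proof(password: bytes, salt: bytes, challenge: bytes) -> bytes:
    # Construction named in the advisory: SHA256(SHA256(pwd+salt)+challenge).
    inner = hashlib.sha256(password + salt).digest()
    return hashlib.sha256(inner + challenge).digest()

def slow_proof(password: bytes, salt: bytes, challenge: bytes,
               iterations: int = 600_000) -> bytes:
    # Assumed hardening for CWE-916: the inner hash becomes PBKDF2-HMAC-SHA256,
    # so each guess costs `iterations` HMAC rounds instead of one SHA-256 call.
    inner = hashlib.pbkdf2_hmac("sha256", password, salt, iterations)
    return hashlib.sha256(inner + challenge).digest()

class AttemptLimiter:
    # Assumed hardening for CWE-307: per-key failure count with exponential lockout.
    def __init__(self, free_attempts=5, base_delay=1.0, max_delay=900.0):
        self.free_attempts = free_attempts
        self.base_delay = base_delay
        self.max_delay = max_delay
        self._state = {}  # key -> (consecutive failures, locked-until timestamp)

    def allowed(self, key: str, now: float) -> bool:
        return now >= self._state.get(key, (0, 0.0))[1]

    def record(self, key: str, success: bool, now: float) -> None:
        if success:
            self._state.pop(key, None)  # reset the counter on a good login
            return
        failures = self._state.get(key, (0, 0.0))[0] + 1
        over = failures - self.free_attempts
        # Exponent is capped so a very long failure streak cannot overflow.
        delay = 0.0 if over < 0 else min(self.max_delay,
                                         self.base_delay * 2 ** min(over, 20))
        self._state[key] = (failures, now + delay)

def verify(limiter, key, response, password, salt, challenge, now, proof=slow_proof):
    # Refuse before hashing while the key is locked out, so a locked-out
    # client cannot make the server spend KDF time either.
    if not limiter.allowed(key, now):
        return "locked"
    ok = hmac.compare_digest(response, proof(password, salt, challenge))
    limiter.record(key, ok, now)
    return "ok" if ok else "denied"
```

The limiter key (peer ID, account name, source address) is the caller's choice; `now` is passed in so the lockout logic can be tested without a real clock.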
NVD CVSS 4.0: 9.3
Vulnerability type
CWE-307
CWE-916
Published: 5 Mar 2026 · Updated: 13 Mar 2026 · First seen: 6 Mar 2026