CVE-2026-30784

Summary

Missing Authorization, Missing Authentication for Critical Function vulnerability in rustdesk-server RustDesk Server rustdesk-server, rustdesk-server-pro on hbbs/hbbr on all server platforms (Rendezvous server (hbbs), relay server (hbbr) modules) allows Privilege Abuse. This vulnerability is associated with program files src/rendezvous_server.Rs, src/relay_server.Rs and program routines handle_punch_hole_request(), RegisterPeer handler, relay forwarding.

This issue affects RustDesk Server: through 1.7.5, through 1.1.15.

Affected Software

VendorProductVersion RangeStatus
rustdesk-serverRustDesk Server0 <= 1.7.5affected
rustdesk-serverRustDesk Server0 <= 1.1.15affected

Weaknesses

  • CWE-862: CWE-862 Missing Authorization
  • CWE-306: CWE-306 Missing Authentication for Critical Function

Workarounds

Restrict network access to hbbs/hbbr ports (21116, 21117) via firewall. Use strong passwords.

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: poc
    • Automatable: yes
    • Technical Impact: total

References