Vulnerability Description
Missing Authorization, Missing Authentication for Critical Function vulnerability in rustdesk-server RustDesk Server rustdesk-server, rustdesk-server-pro on hbbs/hbbr on all server platforms (Rendezvous server (hbbs), relay server (hbbr) modules) allows Privilege Abuse. This vulnerability is associated with program files src/rendezvous_server.Rs, src/relay_server.Rs and program routines handle_punch_hole_request(), RegisterPeer handler, relay forwarding. This issue affects RustDesk Server: through 1.7.5, through 1.1.15.
CVSS Score
CRITICAL
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Rustdesk | Rustdesk Server | <= 1.1.15 |
Related Weaknesses (CWE)
References
- https://docs.google.com/document/d/e/2PACX-1vSds6jjpd38oO_yIAyd1HYtKNUuea-I-ozAPExploitThird Party Advisory
- https://rustdesk.com/docs/en/self-host/ProductVendor Advisory
- https://www.vulsec.org/Not Applicable
FAQ
What is CVE-2026-30784?
CVE-2026-30784 is a vulnerability with a CVSS score of 9.8 (CRITICAL). Missing Authorization, Missing Authentication for Critical Function vulnerability in rustdesk-server RustDesk Server rustdesk-server, rustdesk-server-pro on hbbs/hbbr on all server platforms (Rendezvo...
How severe is CVE-2026-30784?
CVE-2026-30784 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.
Is there a patch for CVE-2026-30784?
Check the references section above for vendor advisories and patch information. Affected products include: Rustdesk Rustdesk Server.