CVE-2026-30784
CRIT 9.8Missing Authorization, Missing Authentication for Critical Function vulnerability in rustdesk-server RustDesk Server rustdesk-server, rustdesk-server-pro on hbbs/hbbr on all server platforms (Rendezvous server (hbbs), relay server (hbbr) modules) allows Privilege Abuse. This vulnerability is associated with program files src/rendezvous_server.Rs, src/relay_server.Rs and program routines handle_punch_hole_request(), RegisterPeer handler, relay forwarding.
This issue affects RustDesk Server: through 1.7.5, through 1.1.15.
Affected Applications in Environment
24
Rustdesk
v1.2.3+39
1 device
Rustdesk
v1.4.5
6 devices
Rustdesk
v1.4.6+64
7 devices
Rustdesk
v1.4.6.29544831
1 device
Rustdesk
v1.4.0+58
2 devices
Rustdesk
v1.3.9 (57)
1 device
Rustdesk
v1.4.4 (62)
1 device
Rustdesk
v1.4.2+60
1 device
Rustdesk
v1.4.3
1 device
Rustdesk
v1.4.5+63
11 devices
Rustdesk
v1.4.1
7 devices
Rustdesk
v1.2.3
1 device
Rustdesk
v1.4.1+59
7 devices
Rustdesk
v1.4.6
6 devices
Rustdesk
v1.4.4+62
1 device
Rustdesk
v1.4.2 (60)
1 device
Rustdesk
v1.4.0.29119187
2 devices
Rustdesk
v1.3.1.28780709
1 device
Rustdesk
v1.3.1+47
1 device
Rustdesk
v1.4.2
1 device
Rustdesk
v1.4.5.29466336
1 device
Rustdesk
v1.4.4.29392109
1 device
Rustdesk
v1.4.3+60
1 device
server
v1.0.0.0
1 device
Affected Devices
28
DESKTOP-5KVOR71
Windows
DESKTOP-AASJHC2
Windows
DESKTOP-EILTT2N
Windows
DESKTOP-UUT4C45
Windows
DPCPD-BK7WZF2
Windows
DPCPD-PF4HJNK0
Windows
DPEMAE-7242KKC
Windows
DPENGR-L1283ZDM
Windows
DPHSNG-449500CE
Windows
DPHSNG-LEDBYOEM
Windows
DPHSNG-LTSTRING
Windows
DPINFT-02609239
Windows
DPINFT-6P663188
Windows
DPINFT-810B00F
Windows
DPINFT-PF1TA1PH
Windows
EBB107-01
Windows
HDTS171858
Windows
HTTS171501
Windows
LGN-HH-220
Windows
LGN-LIB-302
Windows
LGN-LIB-411
Windows
LOGAN-VSB-219
Windows
NCH-194817
Windows
SETHVM
Windows
SILK
Windows
a00014956-R7HQ9T146L
Mac
a00344774-D64VY7FMP7
Mac
a00523751-JYGQVF06HR
Mac