Vulnerability Details CVE-2026-30784
Missing Authorization, Missing Authentication for Critical Function vulnerability in rustdesk-server RustDesk Server rustdesk-server, rustdesk-server-pro on hbbs/hbbr on all server platforms (Rendezvous server (hbbs), relay server (hbbr) modules) allows Privilege Abuse. This vulnerability is associated with program files src/rendezvous_server.Rs, src/relay_server.Rs and program routines handle_punch_hole_request(), RegisterPeer handler, relay forwarding.
This issue affects RustDesk Server: through 1.7.5, through 1.1.15.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.002
EPSS Ranking 35.9%
CVSS Severity
CVSS v3 Score 9.8
References
Products affected by CVE-2026-30784
-
cpe:2.3:a:rustdesk:rustdesk_server:*