Platform: rust
Component: rustdesk-server
Fixed in: 1.7.6, 1.1.16
CVE-2026-30784 describes a critical Missing Authorization and Authentication vulnerability in RustDesk Server. The flaw allows privilege abuse, potentially granting attackers unauthorized access to, and control over, the server. It affects versions 0.0 through 1.7.5 and 1.1.15 on all server platforms, specifically the rendezvous server (hbbs) and relay server (hbbr) modules. A fix is expected to be released by the vendor.
The core of the vulnerability is inadequate authorization and authentication checking in the RustDesk Server rendezvous and relay modules. An attacker can bypass these controls to gain elevated privileges. Successful exploitation could lead to unauthorized access to sensitive data, modification of server configuration, and complete control over the server infrastructure. The handle_punch_hole_request() and RegisterPeer handlers, together with the relay forwarding routines, are the affected code paths. The impact is significant given RustDesk's role in remote access: a compromised server can expose user data and endpoints to malicious actors.
CVE-2026-30784 was publicly disclosed on 2026-03-05. Currently, there are no known public proof-of-concept exploits available. The EPSS score for this vulnerability is pending evaluation. It is listed on the NVD. Active campaigns are not currently confirmed, but the severity of the vulnerability warrants proactive monitoring and mitigation.
Organizations and individuals relying on RustDesk Server for remote access are at risk. This includes businesses using RustDesk for remote support, educational institutions using it for online learning, and individuals using it for personal remote access. Shared hosting environments in which many users share a single RustDesk Server instance are particularly exposed, since compromising the server affects every user on it.
• rust: Examine RustDesk Server logs for unusual connection attempts or authentication failures, particularly those targeting the handle_punch_hole_request() and RegisterPeer handlers.
• linux / server: Use journalctl -u rustdesk-server to monitor for errors or suspicious activity related to authentication and authorization.
• generic web: Monitor access logs for requests to the Rendezvous and relay server endpoints originating from unexpected IP addresses or user agents.
Disclosure: 2026-03-05
Exploit status: no known public proof-of-concept; no confirmed active campaigns
EPSS: 0.15% (36th percentile)
CISA SSVC:
The primary mitigation for CVE-2026-30784 is to upgrade to a patched version of RustDesk Server as soon as it becomes available. Until a patch is released, reduce the attack surface with temporary workarounds: restrict network access to the server, tighten firewall rules to limit inbound connections, and review and audit the server configuration. Monitoring logs for suspicious activity around the handle_punch_hole_request() and RegisterPeer handlers is also recommended. After upgrading, verify the fix by attempting to connect to the server with unauthorized credentials and confirming that access is denied.
To remediate the vulnerability, update RustDesk Server to a version later than 1.7.5 or 1.1.15. See the official RustDesk documentation for detailed instructions on updating safely.
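One way to check an inventory of rustdesk-server installations against the affected ranges stated above, as an added example that is not part of this advisory or of the RustDesk project. It assumes GNU `sort -V` is available and treats the 1.1.x line and the main line as separate release branches with the fixes this page lists (1.1.16 and 1.7.6); the inventory is constructed sample data.

```shell
#!/bin/sh
# Added example (not from the advisory or the RustDesk project).
# Assumption: two release lines, fixed in 1.1.16 (1.1.x branch) and 1.7.6
# (everything else); any lower version on its branch is affected.

# version_lt A B: succeed if A sorts strictly before B in version order.
version_lt() {
    [ "$1" != "$2" ] &&
        [ "$(printf '%s\n%s\n' "$1" "$2" | sort -V | head -n1)" = "$1" ]
}

# rustdesk_server_affected VERSION: succeed (exit 0) if VERSION is in an
# affected range, fail (exit 1) if it carries the fix. A leading "v" is ignored.
rustdesk_server_affected() {
    v=$(printf '%s' "$1" | sed 's/^v//')
    case "$v" in
        1.1.*) version_lt "$v" "1.1.16" ;;
        *)     version_lt "$v" "1.7.6" ;;
    esac
}

# Constructed sample inventory: "host version" per line, not real data.
SAMPLE_INVENTORY='relay-a 1.7.5
relay-b 1.7.6
legacy-c 1.1.15
legacy-d v1.1.16'

# affected_hosts: read "host version" lines from stdin and print only the
# hosts that still run an affected version.
affected_hosts() {
    while read -r host ver; do
        [ -n "$host" ] || continue
        if rustdesk_server_affected "$ver"; then
            printf '%s %s\n' "$host" "$ver"
        fi
    done
}

# Usage: printf '%s\n' "$SAMPLE_INVENTORY" | affected_hosts
```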
CVE-2026-30784 is a Missing Authorization/Authentication vulnerability in RustDesk Server versions 0.0 through 1.7.5 and 1.1.15 that allows attackers to gain unauthorized privileges.
If you are running RustDesk Server version 0.0 through 1.7.5, or version 1.1.15, you are potentially affected.
Upgrade to a patched version of RustDesk Server as soon as it becomes available. Until then, implement temporary workarounds like restricting network access and monitoring logs.
Currently, there are no confirmed active exploitation campaigns, but the vulnerability's severity warrants proactive monitoring.
Refer to the official RustDesk security advisories on their website or GitHub repository for updates and announcements regarding this vulnerability.