Deserialization of Untrusted Data Vulnerability in Telerik UI for ASP.NET...

8.1 / 10

HIGH

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Description

In Progress® Telerik® UI for AJAX versions 2024.4.1114 through 2026.1.421, the RadFilter control is vulnerable to insecure deserialization when restoring filter state if the state is exposed to the client. If an attacker tampers with this state, a server-side remote code execution is possible.

Basic Information

ID CVE-2026-6023

Source ProgressSoftware

Published Apr 22, 2026 at 07:13

Affected Product

Vendor Progress Software

Product Telerik UI for ASP.NET AJAX

Version 2024.4.1114

Affected Versions Progress Software Telerik UI for ASP.NET AJAX 2024.4.1114

CWE Classification

CWE-502

References

www.telerik.com /products/aspnet-ajax/documentation/knowledge-base/kb-security-deserialization-of-untrusted-data-cve-2026-6023

{
    "lastseen": "",
    "description": "In Progress\u00ae Telerik\u00ae UI for AJAX versions 2024.4.1114 through 2026.1.421, the RadFilter control is vulnerable to insecure deserialization when restoring filter state if the state is exposed to the client. If an attacker tampers with this state, a server-side remote code execution is possible.",
    "published": "2026-04-22T07:13:07.933Z",
    "modified": "2026-04-22T07:13:07.933Z",
    "type": "cve",
    "title": "Deserialization of Untrusted Data Vulnerability in Telerik UI for ASP.NET AJAX",
    "source": "ProgressSoftware",
    "references": "https://www.telerik.com/products/aspnet-ajax/documentation/knowledge-base/kb-security-deserialization-of-untrusted-data-cve-2026-6023",
    "id": "CVE-2026-6023",
    "bulletinFamily": "",
    "cwe": [
        "CWE-502"
    ],
    "cvelist": null,
    "sourceData": "Progress Software Telerik UI for ASP.NET AJAX 2024.4.1114",
    "sourceHref": "",
    "cvss": {
        "score": 8.1,
        "severity": "HIGH",
        "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
        "version": "3.1"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "Telerik UI for ASP.NET AJAX",
    "version": "2024.4.1114",
    "vendor": "Progress Software",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}

Deserialization of Untrusted Data Vulnerability in Telerik UI for ASP.NET AJAX_CVE-2026-6023