CVE-2026-6023

· NIST NVD ↗

In Progress® Telerik® UI for AJAX versions 2024.4.1114 through 2026.1.421, the RadFilter control is vulnerable to insecure deserialization when restoring filter state if the state is exposed to the client. If an attacker tampers with this state, a server-side remote code execution is possible.

HIGH
CVSS severity
8.1
CVSS base score
2026-04-22
Published

CWE codes

CWE-502

Affected products

progress:telerik_ui_for_asp.net_ajax

Sources