CVE-2026-6023

HIGH

8.1

Beschreibung

In Progress® Telerik® UI for AJAX versions 2024.4.1114 through 2026.1.421, the RadFilter control is vulnerable to insecure deserialization when restoring filter state if the state is exposed to the client. If an attacker tampers with this state, a server-side remote code execution is possible.

CVE Details

CVSS v3.1 Bewertung8.1

SchweregradHIGH

CVSS VektorCVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

AngriffsvektorNETWORK

KomplexitatHIGH

Erforderliche PrivilegienNONE

BenutzerinteraktionNONE

Veroffentlicht4/22/2026

Zuletzt geandert4/22/2026

Quellenvd

Honeypot-Sichtungen0

Schwachen (CWE)

CWE-502

Referenzen

https://www.telerik.com/products/aspnet-ajax/documentation/knowledge-base/kb-security-deserialization-of-untrusted-data-cve-2026-6023(security@progress.com)

IOC Korrelationen

Keine Korrelationen erfasst

This product uses data from the NVD API but is not endorsed or certified by the NVD.