CVEDB API

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2026-6023

In Progress® Telerik® UI for AJAX versions 2024.4.1114 through 2026.1.421, the RadFilter control is vulnerable to insecure deserialization when restoring filter state if the state is exposed to the client. If an attacker tampers with this state, a server-side remote code execution is possible.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.005

EPSS Ranking 63.7%

CVSS Severity

CVSS v3 Score 8.1

References

https://www.telerik.com/products/aspnet-ajax/documentation/knowledge-base/kb-security-deserialization-of-untrusted-data-cve-2026-6023

Products affected by CVE-2026-6023

Progress » Telerik Ui For Asp.net Ajax » Version: 2024.4.1114

cpe:2.3:a:progress:telerik_ui_for_asp.net_ajax:2024.4.1114
Progress » Telerik Ui For Asp.net Ajax » Version: 2025.1.211

cpe:2.3:a:progress:telerik_ui_for_asp.net_ajax:2025.1.211
Progress » Telerik Ui For Asp.net Ajax » Version: 2025.1.218

cpe:2.3:a:progress:telerik_ui_for_asp.net_ajax:2025.1.218
Progress » Telerik Ui For Asp.net Ajax » Version: 2025.1.416

cpe:2.3:a:progress:telerik_ui_for_asp.net_ajax:2025.1.416
Progress » Telerik Ui For Asp.net Ajax » Version: 2025.2.520

cpe:2.3:a:progress:telerik_ui_for_asp.net_ajax:2025.2.520
Progress » Telerik Ui For Asp.net Ajax » Version: 2025.2.528

cpe:2.3:a:progress:telerik_ui_for_asp.net_ajax:2025.2.528
Progress » Telerik Ui For Asp.net Ajax » Version: 2025.2.609

cpe:2.3:a:progress:telerik_ui_for_asp.net_ajax:2025.2.609

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2026-6023

Products

Pricing

Contact Us