PT-2026-34266 · Progress · Telerik Ui For Asp.Net Ajax
Published
2026-04-22
·
Updated
2026-04-22
·
CVE-2026-6023
CVSS v3.1
8.1
High
| AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H |
In Progress® Telerik® UI for AJAX versions 2024.4.1114 through 2026.1.421, the RadFilter control is vulnerable to insecure deserialization when restoring filter state if the state is exposed to the client. If an attacker tampers with this state, a server-side remote code execution is possible.
Fix
Deserialization of Untrusted Data
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Telerik Ui For Asp.Net Ajax