← voltar
CVE-2026-6023

Deserialization of Untrusted Data Vulnerability in Telerik UI for ASP.NET AJAX

CVSS 8.1 HIGHEPSS 0.5%CWE-502
In Progress® Telerik® UI for AJAX versions 2024.4.1114 through 2026.1.421, the RadFilter control is vulnerable to insecure deserialization when restoring filter state if the state is exposed to the client. If an attacker tampers with this state, a server-side remote code execution is possible.
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Produtos afetados
Progress Software · Telerik UI for ASP.NET AJAX

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →
Referências
https://www.telerik.com/products/aspnet-ajax/documentation/knowledge-base/kb-security-deserialization-of-untrusted-data-cve-2026-6023