Insecure Deserialization Vulnerability in Progress Telerik UI for AJAX
CVE-2026-6023

8.1 HIGH

What is CVE-2026-6023?

The RadFilter control in Telerik UI for AJAX is susceptible to insecure deserialization. The vulnerability arises when the filter state is exposed to clients. An attacker who manipulates this data could achieve unauthorized remote code execution on the server, which poses a significant security risk.

Affected Version(s)

Telerik UI for ASP.NET AJAX 2024.4.1114 < 2026.1.421

CVSS V3.1

Score: 8.1
Severity: HIGH
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Network
Attack Complexity: High
Privileges Required: None
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
