CVE-2026-6023 · CRITICAL 9.8 · EPSS p33.0%

Description

In Progress® Telerik® UI for AJAX versions 2024.4.1114 through 2026.1.421, the RadFilter control is vulnerable to insecure deserialization when restoring filter state if the state is exposed to the client. If an attacker tampers with this state, a server-side remote code execution is possible.

Scoring

CVSS 3.1: 9.8 (CRITICAL)
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS: 0.41% probability of exploitation · percentile 33.0% · 2026-06-19T12:03:05Z
Published: 2026-04-22
Last modified: 2026-05-05

Underlying weaknesses · 1

CWE-502

References

  1. https://www.telerik.com/products/aspnet-ajax/documentation/knowledge-base/kb-security-deserialization-of-untrusted-data-cve-2026-6023

| Type | Target | Confidence | Tier |
|---|---|---|---|
| Weakness | Deserialization of Untrusted Data (cwe-502) | 0% | live |

Related by meaning · 6

Nearest entities by semantic similarity across the cs-graph corpus.

CVE: Progress Telerik UI for ASP.NET AJAX Deserialization of Untrusted Data Vulnerability
CVE: Progress Telerik UI for ASP.NET AJAX and Sitefinity Cryptographic Weakness Vulnerability
CVE: Telerik UI for ASP.NET AJAX Insecure Direct Object Reference Vulnerability
CVE: Adobe ColdFusion Deserialization of Untrusted Data Vulnerability
CVE: CVE-2026-5426
CVE: Telerik UI for ASP.NET AJAX Unrestricted File Upload Vulnerability
Sourced from NVD + FIRST.org EPSS. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.