CVE-2026-6023
published 2026-04-22

Priority: P266
Severity: critical
CVSS 3.1: 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
EPSS: 0.54% (41.3th percentile)

In Progress® Telerik® UI for AJAX versions 2024.4.1114 through 2026.1.421, the RadFilter control is vulnerable to insecure deserialization when restoring filter state if the state is exposed to the client. If an attacker tampers with this state, a server-side remote code execution is possible.

Affected

2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| progress | telerik_ui_for_asp.net_ajax | >= 2024.4.1114 < 2026.1.421 | 2026.1.421 |
| progress_software | telerik_ui_for_asp.net_ajax | >= 2024.4.1114 < 2026.1.421 | 2026.1.421 |