CVE-2026-6023 - Vulnerability Analysis
High
CVSS: 8.1
Last Updated: April 22, 2026
Progress Telerik UI for AJAX - Insecure Deserialization
Published: April 22, 2026
Updated: April 22, 2026
Remote Exploitable
Overview
In Progress Telerik UI for AJAX, versions 2024.4.1114 through 2026.1.421, the RadFilter control contains an insecure deserialization vulnerability that is triggered when it restores filter state exposed to the client. A remote attacker can execute code; exploitation requires tampering with the client-exposed state.
Severity & Score
Severity: High
CVSS Score: 8.1
Impact
Remote attackers can execute arbitrary code on the server, potentially leading to full system compromise.
Mitigation
Update to a version later than 2026.1.421 or the latest available version.
Details
- CVE ID: CVE-2026-6023
- Severity: High
- CVSS Score: 8.1
- Type: insecure_deserialization
- Status: new
CWE
- CWE-502
CVSS Metrics
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H