{"api_version":"1","generated_at":"2026-04-22T12:57:32+00:00","cve":"CVE-2026-6023","urls":{"html":"https://cve.report/CVE-2026-6023","api":"https://cve.report/api/cve/CVE-2026-6023.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2026-6023","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2026-6023"},"summary":{"title":"Deserialization of Untrusted Data Vulnerability in Telerik UI for ASP.NET AJAX","description":"In Progress® Telerik® UI for AJAX versions 2024.4.1114 through 2026.1.421, the RadFilter control is vulnerable to insecure deserialization when restoring filter state if the state is exposed to the client. If an attacker tampers with this state, a server-side remote code execution is possible.","state":"PUBLISHED","assigner":"ProgressSoftware","published_at":"2026-04-22 08:16:13","updated_at":"2026-04-22 08:16:13"},"problem_types":["CWE-502","CWE-502 CWE-502 Deserialization of Untrusted Data"],"metrics":[{"version":"3.1","source":"security@progress.com","type":"Secondary","score":"8.1","severity":"HIGH","vector":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H","data":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":8.1,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"}},{"version":"3.1","source":"CNA","type":"CVSS","score":"8.1","severity":"HIGH","vector":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H","data":{"attackComplexity":"HIGH","attackVector":"NETWORK","availabilityImpact":"HIGH","baseScore":8.1,"baseSeverity":"HIGH","confidentialityImpact":"HIGH","integrityImpact":"HIGH","privilegesRequired":"NONE","scope":"UNCHANGED","userInteraction":"NONE","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H","version":"3.1"}}],"references":[{"url":"https://www.telerik.com/products/aspnet-ajax/documentation/knowledge-base/kb-security-deserialization-of-untrusted-data-cve-2026-6023","name":"https://www.telerik.com/products/aspnet-ajax/documentation/knowledge-base/kb-security-deserialization-of-untrusted-data-cve-2026-6023","refsource":"security@progress.com","tags":[],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://www.cve.org/CVERecord?id=CVE-2026-6023","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-6023","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[{"source":"CNA","vendor":"Progress Software","product":"Telerik UI for ASP.NET AJAX","version":"affected 2024.4.1114 2026.1.421 custom","platforms":[]}],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[]},"source_records":{"cve_program":{"containers":{"cna":{"affected":[{"defaultStatus":"unaffected","product":"Telerik UI for ASP.NET AJAX","vendor":"Progress Software","versions":[{"lessThan":"2026.1.421","status":"affected","version":"2024.4.1114","versionType":"custom"}]}],"descriptions":[{"lang":"en","supportingMedia":[{"base64":false,"type":"text/html","value":"<p>In Progress® Telerik® UI for AJAX versions 2024.4.1114 through 2026.1.421, the RadFilter control is vulnerable to insecure deserialization when restoring filter state if the state is exposed to the client. If an attacker tampers with this state, a server-side remote code execution is possible.</p>"}],"value":"In Progress® Telerik® UI for AJAX versions 2024.4.1114 through 2026.1.421, the RadFilter control is vulnerable to insecure deserialization when restoring filter state if the state is exposed to the client. If an attacker tampers with this state, a server-side remote code execution is possible."}],"impacts":[{"capecId":"CAPEC-586","descriptions":[{"lang":"en","value":"CAPEC-586 Object Injection"}]}],"metrics":[{"cvssV3_1":{"attackComplexity":"HIGH","attackVector":"NETWORK","availabilityImpact":"HIGH","baseScore":8.1,"baseSeverity":"HIGH","confidentialityImpact":"HIGH","integrityImpact":"HIGH","privilegesRequired":"NONE","scope":"UNCHANGED","userInteraction":"NONE","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H","version":"3.1"},"format":"CVSS","scenarios":[{"lang":"en","value":"GENERAL"}]}],"problemTypes":[{"descriptions":[{"cweId":"CWE-502","description":"CWE-502 Deserialization of Untrusted Data","lang":"en","type":"CWE"}]}],"providerMetadata":{"dateUpdated":"2026-04-22T07:13:07.933Z","orgId":"f9fea0b6-671e-4eea-8fde-31911902ae05","shortName":"ProgressSoftware"},"references":[{"tags":["vendor-advisory"],"url":"https://www.telerik.com/products/aspnet-ajax/documentation/knowledge-base/kb-security-deserialization-of-untrusted-data-cve-2026-6023"}],"source":{"discovery":"INTERNAL"},"title":"Deserialization of Untrusted Data Vulnerability in Telerik UI for ASP.NET AJAX","x_generator":{"engine":"Vulnogram 0.2.0"}}},"cveMetadata":{"assignerOrgId":"f9fea0b6-671e-4eea-8fde-31911902ae05","assignerShortName":"ProgressSoftware","cveId":"CVE-2026-6023","datePublished":"2026-04-22T07:13:07.933Z","dateReserved":"2026-04-09T15:47:27.389Z","dateUpdated":"2026-04-22T07:13:07.933Z","state":"PUBLISHED"},"dataType":"CVE_RECORD","dataVersion":"5.2"},"nvd":{"publishedDate":"2026-04-22 08:16:13","lastModifiedDate":"2026-04-22 08:16:13","problem_types":["CWE-502","CWE-502 CWE-502 Deserialization of Untrusted Data"],"metrics":{"cvssMetricV31":[{"source":"security@progress.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":8.1,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.2,"impactScore":5.9}]},"configurations":[]},"legacy_mitre":{"record":{"CveYear":"2026","CveId":"6023","Ordinal":"1","Title":"Deserialization of Untrusted Data Vulnerability in Telerik UI fo","CVE":"CVE-2026-6023","Year":"2026"},"notes":[{"CveYear":"2026","CveId":"6023","Ordinal":"1","NoteData":"In Progress® Telerik® UI for AJAX versions 2024.4.1114 through 2026.1.421, the RadFilter control is vulnerable to insecure deserialization when restoring filter state if the state is exposed to the client. If an attacker tampers with this state, a server-side remote code execution is possible.","Type":"Description","Title":"Deserialization of Untrusted Data Vulnerability in Telerik UI fo"}]}}}