What is CVE-2026-6023?

CVE-2026-6023 is a high-severity vulnerability in Progress Telerik_ui_for_asp.net_ajax, classified under Deserialization of Untrusted Data. CVSS score: 8.1/10. Published 2026-04-22.

How severe is CVE-2026-6023?

High severity. CVSS v3 base score is 8.1 out of 10.

Deserialization in Progress Telerik_ui_for_asp.net_ajax

CVE-2026-6023

In Progress® Telerik® UI for AJAX versions 2024.4.1114 through 2026.1.421, the RadFilter control is vulnerable to insecure deserialization when restoring filter state if the state is exposed to the client. If an attacker tampers with this…

Vulnerability class: Insecure Deserialization

EPSS: 0.000 (15.1th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 8.1 (High). Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H.

Affected products

Progress Telerik_ui_for_asp.net_ajax
Progress Software Telerik Ui For Asp.net Ajax — versions 2024.4.1114

Weakness classification (CWE)

CWE-502 — Deserialization of Untrusted Data

References

security@progress.com (vendor-advisory, Mitigation, Vendor Advisory)

Frequently asked questions

What is CVE-2026-6023?: CVE-2026-6023 is a high-severity vulnerability in Progress Telerik_ui_for_asp.net_ajax, classified under Deserialization of Untrusted Data. CVSS score: 8.1/10. Published 2026-04-22.
How severe is CVE-2026-6023?: High severity. CVSS v3 base score is 8.1 out of 10.