Ghostwire

CVE-2026-6023: In Progress® Telerik® UI for AJAX versions 2024.4.1114 through 2026.1.421, the RadFilter control is vulnerable to...

HIGH CVSS 8.1 Exploit Available

Published: April 22, 2026 | Last Modified: April 22, 2026

Description

In Progress® Telerik® UI for AJAX versions 2024.4.1114 through 2026.1.421, the RadFilter control is vulnerable to insecure deserialization when restoring filter state if the state is exposed to the client. If an attacker tampers with this state, a server-side remote code execution is possible.

Ghostwire Analysis — What This Means Practically

High CVSS score indicates significant risk — exploitation could lead to substantial data exposure or system compromise.
Exploit code is reported to be available, increasing the likelihood of active exploitation.

This analysis is generated by Ghostwire from NVD, CISA KEV, EPSS, and open-source intelligence data. Verify findings through primary sources before acting.

Security Coverage (1 articles)

References

www.telerik.com/products/aspnet-ajax/documentation/knowledge-base/kb-security-de
www.tenable.com/cve/CVE-2026-6023
www.cnnvd.org.cn/home/globalSearch?keyword=CVE-2026-6023