
Telerik UI for ASP.NET AJAX CVE-2026-6023

EUVD-2026-24632 · HIGH
Deserialization of Untrusted Data (CWE-502)
Published 2026-04-22 · Progress Software · GHSA-mcrv-gh25-252c
CVSS 3.1 (NVD): 8.1

Severity by source

NVD PRIMARY
8.1 HIGH
AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Primary rating from NVD · only source for this CVE.

CVSS Vector (NVD)

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Attack Vector: Network
Attack Complexity: High
Privileges Required: None
User Interaction: None
Scope: Unchanged
Confidentiality: High
Integrity: High
Availability: High

Lifecycle Timeline (7 events)

  • Apr 22, 2026 21:37 (vuln.today): Re-analysis queued (cvss_changed)
  • Apr 22, 2026 21:23 (nvd): Patch released (patch available)
  • Apr 22, 2026 09:01 (EUVD): Patch available
  • Apr 22, 2026 08:24 (vuln.today): Analysis generated
  • Apr 22, 2026 08:00 (euvd): EUVD ID assigned (EUVD-2026-24632)
  • Apr 22, 2026 08:00 (vuln.today): Analysis generated
  • Apr 22, 2026 07:13 (nvd): CVE published (HIGH 8.1)

Description (CVE.org)

In Progress® Telerik® UI for AJAX versions 2024.4.1114 through 2026.1.421, the RadFilter control is vulnerable to insecure deserialization when restoring filter state if the state is exposed to the client. If an attacker tampers with this state, a server-side remote code execution is possible.

Analysis (AI)

Remote code execution in Progress Telerik UI for ASP.NET AJAX via insecure deserialization in the RadFilter control allows unauthenticated remote attackers to execute arbitrary code on the server by tampering with exposed client-side filter state. Affected versions span 2024.4.1114 through 2026.1.421. …
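To make the bug class concrete, the following is an added example written in Python; it is not .NET code and not RadFilter's or Telerik's implementation, whose internals are not described on this page. It shows a filter state that is round-tripped through the client and rebuilt with a deserializer able to construct arbitrary objects (the CWE-502 pattern), beside a hardened version that encodes only plain data, checks an HMAC before parsing, and validates the shape. The key, the field and operator allow-lists, the gadget class and the tampering step are all constructed for the example.

```python
import base64
import hashlib
import hmac
import json
import pickle
from typing import Any, Dict, List

# Constructed key for the example. A real deployment keeps a per-site secret
# server-side; the point is that the client never learns it.
STATE_KEY = b"example-only-key-do-not-reuse"

# Hypothetical allow-lists standing in for what a filter control legitimately accepts.
ALLOWED_FIELDS = {"Name", "Country", "Price"}
ALLOWED_OPERATORS = {"EqualTo", "Contains", "GreaterThan", "LessThan"}

# A legitimate filter state as the server would issue it (constructed).
EXAMPLE_STATE: Dict[str, Any] = {
    "filters": [{"field": "Name", "op": "Contains", "value": "ali"}]
}

# ---------------------------------------------------------------------------
# Vulnerable pattern (CWE-502): state is encoded with a formatter that can
# rebuild arbitrary objects, sent to the client, and decoded back as-is.
# ---------------------------------------------------------------------------
def emit_state_unsafe(state: Dict[str, Any]) -> str:
    return base64.b64encode(pickle.dumps(state)).decode()


def restore_state_unsafe(blob: str) -> Dict[str, Any]:
    # Whatever bytes the client returns are reconstructed, including objects
    # whose construction runs code chosen by the sender.
    return pickle.loads(base64.b64decode(blob))


SIDE_EFFECTS: List[str] = []


def _side_effect(tag: str) -> Dict[str, Any]:
    SIDE_EFFECTS.append(tag)  # stands in for "run the attacker's command"
    return {"filters": []}


class TamperedState:
    """Benign stand-in for a deserialization gadget: loading it calls _side_effect."""
    def __reduce__(self):
        return (_side_effect, ("attacker-supplied code ran on the server",))


def attacker_blob() -> str:
    # What an attacker submits in place of the state the server issued.
    return base64.b64encode(pickle.dumps(TamperedState())).decode()


# ---------------------------------------------------------------------------
# Hardened pattern: plain-data encoding, integrity tag checked before parsing,
# and a shape check so only expected fields and operators are accepted.
# ---------------------------------------------------------------------------
def emit_state_safe(state: Dict[str, Any]) -> str:
    payload = json.dumps(state, separators=(",", ":"), sort_keys=True).encode()
    tag = hmac.new(STATE_KEY, payload, hashlib.sha256).digest()
    return base64.b64encode(tag + payload).decode()


def restore_state_safe(blob: str) -> Dict[str, Any]:
    raw = base64.b64decode(blob)
    tag, payload = raw[:32], raw[32:]
    expected = hmac.new(STATE_KEY, payload, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("filter state failed integrity check")
    state = json.loads(payload)  # JSON yields only dict/list/str/number/bool/None
    for f in state.get("filters", []):
        if (not isinstance(f, dict) or f.get("field") not in ALLOWED_FIELDS
                or f.get("op") not in ALLOWED_OPERATORS):
            raise ValueError("filter state contains a disallowed field or operator")
    return state


def tamper_safe_blob(blob: str) -> str:
    # Attacker edits the client-side copy: swaps the filtered column for another one.
    raw = base64.b64decode(blob)
    return base64.b64encode(raw.replace(b'"Name"', b'"Password"')).decode()


def safe_path_rejects(blob: str) -> bool:
    try:
        restore_state_safe(blob)
    except ValueError:
        return True
    return False


if __name__ == "__main__":
    restore_state_unsafe(attacker_blob())
    print("unsafe path:", SIDE_EFFECTS)
    issued = emit_state_safe(EXAMPLE_STATE)
    print("safe path round-trips:", restore_state_safe(issued) == EXAMPLE_STATE)
    print("safe path rejects tampering:", safe_path_rejects(tamper_safe_blob(issued)))
```

The order of checks in the hardened path matters: the integrity tag is verified before any parsing, so an attacker who can read the state but does not hold the server key cannot get tampered bytes as far as the parser. The allow-list check is the second layer for the case where state is legitimately client-editable, and keeping the state server-side only (as the page's exploitation note suggests) removes the attack surface altogether.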


Attack Chain (AI-derived)

Hypothetical attack flow derived from CVE metadata

  • Access: Identify ASP.NET app with RadFilter
  • Delivery: Capture client-exposed serialized state
  • Exploit: Craft malicious deserialization payload
  • Execution: Submit tampered state to server
  • Persist: Trigger deserialization
  • Impact: Execute arbitrary code as application pool identity

Vulnerability Assessment (AI)

Exploitation: Exploitation requires that the vulnerable RadFilter control is configured to expose filter state to the client rather than storing it server-side only. …
Risk Assessment: Real-world risk requires careful assessment of multiple signals (EPSS, KEV, and SSVC). …
Exploit Scenario: An attacker scans public-facing ASP.NET applications to identify those using Progress Telerik UI for AJAX with the RadFilter control enabled. Using browser developer tools, the attacker inspects HTTP responses and identifies the serialized RadFilter state embedded in ViewState or a hidden form field. …
Remediation: Upgrade to Progress Telerik UI for ASP.NET AJAX version 2026.2.513 or later, which addresses the deserialization vulnerability in RadFilter state handling per the vendor advisory at https://www.telerik.com/products/aspnet-ajax/documentation/knowledge-base/kb-security-deserialization-of-untrusted-data-cve-2026-6023. …

Recommended Action (AI)

Within 24 hours: Inventory all systems running Progress Telerik UI for ASP.NET AJAX and identify which are running the affected versions 2024.4.1114 through 2026.1.421; where possible, disable RadFilter or restrict network access to the pages that use it until the upgrade is applied. …
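A version-range check for the inventory step above, as an added example in Python rather than tooling from vuln.today or Progress. It assumes the affected range and first fixed build exactly as stated on this page (2024.4.1114 through 2026.1.421, fixed in 2026.2.513) and that the version strings you collect follow Telerik's YYYY.R.MMDD scheme, optionally with a fourth numeric component as seen in assembly file versions (an assumption about how the string was read, not a release attribute). The host list is constructed sample data.

```python
import re
from typing import Dict, Iterable, Optional, Tuple

Version = Tuple[int, int, int]

# Range taken from this page's description; first fixed build from its remediation note.
AFFECTED_MIN: Version = (2024, 4, 1114)
AFFECTED_MAX: Version = (2026, 1, 421)
FIRST_FIXED: Version = (2026, 2, 513)

# Telerik versions are YYYY.R.MMDD. A fourth numeric component, if present
# (assumption: e.g. a file version read from Telerik.Web.UI.dll), is ignored.
_VERSION_RE = re.compile(r"^(\d{4})\.(\d{1,2})\.(\d{3,4})(?:\.\d+)?$")


def parse_telerik_version(text: str) -> Optional[Version]:
    """Return (year, release, mmdd), or None when the string is not a Telerik version."""
    m = _VERSION_RE.match(text.strip())
    if m is None:
        return None
    year, release, mmdd = (int(g) for g in m.groups())
    # MMDD as an integer orders correctly within one year/release (e.g. 218 < 1114).
    return (year, release, mmdd)


def is_affected(version: str) -> Optional[bool]:
    """True if inside the affected range, False if outside, None if unparseable."""
    v = parse_telerik_version(version)
    if v is None:
        return None
    return AFFECTED_MIN <= v <= AFFECTED_MAX


def triage(inventory: Iterable[Tuple[str, str]]) -> Dict[str, str]:
    """Classify (host, version) pairs so the affected set can be patched first."""
    result: Dict[str, str] = {}
    for host, version in inventory:
        status = is_affected(version)
        if status is None:
            result[host] = "unparseable: verify the Telerik.Web.UI version manually"
        elif status:
            result[host] = "affected: upgrade to %d.%d.%d or later" % FIRST_FIXED
        else:
            result[host] = "not affected"
    return result


# Constructed sample inventory (hostnames and versions are made up for the example).
SAMPLE_INVENTORY = [
    ("web01", "2024.4.1114.45"),   # first affected build, four-part file version
    ("web02", "2025.1.218.462"),   # inside the range
    ("web03", "2026.1.421"),       # last affected build
    ("web04", "2026.2.513.462"),   # first fixed build
    ("web05", "2024.3.805"),       # predates the affected range
    ("legacy", "unknown"),         # could not be read; needs manual verification
]

if __name__ == "__main__":
    for host, verdict in triage(SAMPLE_INVENTORY).items():
        print(f"{host:8s} {verdict}")
```

Feed it whatever your inventory tooling returns for the Telerik.Web.UI assembly on each host; anything it cannot parse is reported for manual verification rather than silently treated as safe, and a build before the range is reported as not affected only with respect to this CVE.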




CVE-2026-6023 vulnerability details – vuln.today
