<0.1% probability · 16.2th percentile — 2026-05-12
Affected versions
Progress Telerik UI for AJAX 2024.4.114 through 2026.1.421
Summary
This vulnerability exists in the RadFilter control of Telerik UI for AJAX, which allows insecure deserialization of tampered client-side filter state. A remote attacker can exploit this flaw to achieve server-side remote code execution on the host application server.
Remediation
Upgrade Progress Telerik UI for AJAX to version 2026.1.421 or later to patch this vulnerability. Audit all running instances of Telerik UI in your environment to confirm they are running the patched version. Block untrusted access to endpoints that use the RadFilter control until patching is complete.
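The audit step above can be run as a file inventory. This PowerShell script is an added example, not vendor or page code: it finds copies of `Telerik.Web.UI.dll` and compares their file version with the two version numbers quoted on this page. The scan root and the mapping from file version to release number are assumptions.

```powershell
# Added example: inventory Telerik UI for AJAX assemblies on a Windows web host.
param(
    # Assumption: web applications live under this root; pass your own paths.
    [string[]]$Root = @('C:\inetpub')
)

# Version numbers taken from the page.
$firstListed = [version]'2024.4.114'   # lower bound under "Affected versions"
$fixTarget   = [version]'2026.1.421'   # upgrade target under "Remediation"

Get-ChildItem -Path $Root -Recurse -File -Filter 'Telerik.Web.UI.dll' -ErrorAction SilentlyContinue |
    ForEach-Object {
        $info = $_.VersionInfo
        if ([string]::IsNullOrWhiteSpace($info.FileVersion)) {
            # No version resource: cannot be classified, needs manual review.
            $release = $null
            $status  = 'NoVersionInfo'
        }
        else {
            # Assumption: the first three parts of the file version are the
            # release number; a fourth part, if present, is ignored.
            $release = [version]::new($info.FileMajorPart, $info.FileMinorPart, $info.FileBuildPart)
            if ($release -ge $fixTarget) {
                $status = 'AtOrAboveUpgradeTarget'
            }
            elseif ($release -ge $firstListed) {
                $status = 'UpgradeRequired'
            }
            else {
                # Older than the first version the page lists; not covered by it.
                $status = 'OlderThanListedRange'
            }
        }
        [pscustomobject]@{
            Status  = $status
            Release = $release
            Path    = $_.FullName
        }
    } |
    Sort-Object Status, Path
```

Each application usually carries its own copy in its `bin` folder, so expect one row per deployed site; any path reported as `UpgradeRequired` is also a candidate for the access restriction described above until it is patched.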