Security News > 2024 > June > Exploit for critical Progress Telerik auth bypass released, patch now

Researchers have published a proof-of-concept exploit script demonstrating a chained remote code execution vulnerability on Progress Telerik Report Servers.
Cybersecurity researcher Sina Kheirkha developed the exploit with the help of Soroush Dalili and has now published a detailed write-up that describes the intricate process of exploiting two flaws, an authentication bypass and a deserialization issue, to execute code on the target.
Although exploiting the deserialization bug is complex, Kheirkhah's write-up and exploit Python script are publicly available, making the case pretty straightforward for aspiring attackers.
QNAP QTS zero-day in Share feature gets public RCE exploit.
PoC exploit released for RCE zero-day in D-Link EXO AX4800 routers.
Exploit released for maximum severity Fortinet RCE bug, patch now.
News URL
Related news
- SonicWall firewall exploit lets hackers hijack VPN sessions, patch now (source)
- Palo Alto Networks Patches Authentication Bypass Exploit in PAN-OS Software (source)
- Hackers exploit authentication bypass in Palo Alto Networks PAN-OS (source)
- Juniper patches critical auth bypass in Session Smart routers (source)
- Moxa Issues Fix for Critical Authentication Bypass Vulnerability in PT Switches (source)
- Choose your own Patch Tuesday adventure: Start with six zero day fixes, or six critical flaws (source)
- GitLab patches critical authentication bypass vulnerabilities (source)
- New SuperBlack ransomware exploits Fortinet auth bypass flaws (source)
- Stealthy Apache Tomcat Critical Exploit Bypasses Security Filters: Are You at Risk? (source)
- Critical Veeam Backup & Replication RCE vulnerability fixed, patch ASAP! (CVE-2025-23120) (source)