Vulnerabilities > CVE-2024-7576 - Deserialization of Untrusted Data vulnerability in Telerik UI for WPF

CVSS 9.8 - CRITICAL

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

HIGH

network

low complexity

telerik

CWE-502

critical

NVD

Published: 2024-09-25

Updated: 2024-10-03

Summary

In Progress Telerik UI for WPF versions prior to 2024 Q3 (2024.3.924), a code execution attack is possible through an insecure deserialization vulnerability.

Vulnerable Configurations

Part	Description	Count
Application	Telerik Telerik UI FOR WPF *	1

Common Weakness Enumeration (CWE)

CWE-502 - Deserialization of Untrusted Data

References

https://docs.telerik.com/devtools/wpf/knowledge-base/unsafe-deserialization-cve-2024-7576