CVE-2019-18935
Progress Telerik UI for ASP.NET AJAX Deserialization of Untrusted Data Vulnerability
CVSS
—
No CVSS
EPSS
99.7%
p100
KEV
YES
Nov 3, 2021
Exploit Today
80
0-100
Published: — · Last modified: —
99.7%EPSS · 30 days99.7%
2026-06-302026-07-16
Product
Progress / Telerik UI for ASP.NET AJAX
Vulnerability
Progress Telerik UI for ASP.NET AJAX Deserialization of Untrusted Data Vulnerability
Added to KEV
Nov 3, 2021
Remediate by
May 3, 2022
Known ransomware use
Yes
Summary description
Progress Telerik UI for ASP.NET AJAX contains a deserialization of untrusted data vulnerability through RadAsyncUpload which leads to code execution on the server in the context of the w3wp.exe process.
Required action
Apply updates per vendor instructions.
Notes
https://nvd.nist.gov/vuln/detail/CVE-2019-18935
No related CVEs by CWE or product.