CVE-2024-6096: Progress Telerik Reporting RCE Vulnerability

CVE-2024-6096 is a remote code execution vulnerability in Progress Telerik Reporting caused by insecure type resolution. Attackers can execute code through object injection. This article covers technical details.

Updated: January 22, 2026

CVE-2024-6096 Overview

CVE-2024-6096 is a critical insecure deserialization vulnerability affecting Progress® Telerik® Reporting versions prior to 18.1.24.709. The vulnerability exists due to an insecure type resolution mechanism that allows attackers to execute arbitrary code through object injection. This unsafe reflection vulnerability enables remote attackers to craft malicious serialized objects that, when processed by the application, result in arbitrary code execution on the target system.

Critical Impact

Unauthenticated attackers can achieve remote code execution through object injection via insecure type resolution, potentially leading to complete system compromise with full confidentiality, integrity, and availability impact.

Affected Products

  • Progress Telerik Reporting versions prior to 18.1.24.709

Discovery Timeline

  • 2024-07-24 - CVE-2024-6096 published to NVD
  • 2025-04-25 - Last updated in NVD database

Technical Details for CVE-2024-6096

Vulnerability Analysis

This vulnerability is classified under CWE-470 (Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection')). The flaw exists in how Telerik Reporting handles type resolution during deserialization operations. When processing user-supplied input, the application fails to properly validate or restrict the types that can be instantiated through reflection mechanisms.

The attack is network-accessible and requires no authentication or user interaction, making it particularly dangerous in enterprise environments where Telerik Reporting is exposed to network traffic. An attacker can exploit this vulnerability by sending specially crafted requests containing malicious serialized payloads that specify arbitrary types for instantiation.

Root Cause

The root cause of CVE-2024-6096 lies in the unsafe handling of type information during deserialization operations. The Telerik Reporting component uses reflection to instantiate objects based on type information provided in serialized data without proper validation. This allows attackers to specify malicious types that execute arbitrary code upon instantiation.

The vulnerable code path fails to implement a secure type allowlist or blocklist, permitting the instantiation of dangerous types that can be leveraged for code execution. This is a common pattern in .NET deserialization vulnerabilities where gadget chains can be constructed to achieve arbitrary command execution.
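The following is an added illustration of the CWE-470 pattern described above, written for this page; it is not Telerik Reporting's code, and the `ReportEnvelope` type, the two report classes and the resolver names are hypothetical. It places the unsafe resolver, which hands an input-supplied type name straight to `Type.GetType`, next to a hardened one that maps application-defined names through a closed allowlist so untrusted input never reaches the runtime's type resolution at all. It targets .NET 6 or later.

```csharp
using System;
using System.Collections.Generic;

// Added illustration of the CWE-470 pattern: not Telerik Reporting's code.
// The envelope, the report types and the resolver names are all hypothetical.
// What matters is where the type name comes from and what decides whether
// it may be instantiated.

// A deserialized request that names the type it wants the server to build.
public sealed class ReportEnvelope
{
    public string TypeName { get; set; } = "";
}

// The only two types this hypothetical endpoint is designed to accept.
public sealed class TableReport { }
public sealed class ChartReport { }

public static class TypeResolution
{
    // VULNERABLE: the untrusted string goes straight to the runtime's type
    // resolver, so any loadable type becomes an object and the input, not the
    // application, chooses which constructor runs.
    public static object ResolveUnsafe(ReportEnvelope env)
    {
        Type t = Type.GetType(env.TypeName, throwOnError: true)!;
        return Activator.CreateInstance(t)!;
    }

    // HARDENED: a closed allowlist maps short application-defined names to the
    // expected types. The input never reaches Type.GetType, so assembly-
    // qualified or unknown names are rejected before anything is created.
    private static readonly IReadOnlyDictionary<string, Type> Allowed =
        new Dictionary<string, Type>(StringComparer.Ordinal)
        {
            ["TableReport"] = typeof(TableReport),
            ["ChartReport"] = typeof(ChartReport),
        };

    public static object ResolveSafe(ReportEnvelope env)
    {
        if (!Allowed.TryGetValue(env.TypeName, out Type? t))
            throw new InvalidOperationException(
                $"Rejected type name '{env.TypeName}': not in the allowlist.");
        return Activator.CreateInstance(t)!;
    }
}

public static class Program
{
    public static void Main()
    {
        // Constructed inputs: a legitimate request, and one naming a framework
        // type the endpoint was never meant to construct (a harmless one here).
        var expected = new ReportEnvelope { TypeName = "TableReport" };
        var foreign  = new ReportEnvelope { TypeName = "System.Text.StringBuilder" };

        // The allowlisted resolver builds the expected type and refuses the other.
        Console.WriteLine(TypeResolution.ResolveSafe(expected).GetType().Name);
        try { TypeResolution.ResolveSafe(foreign); }
        catch (InvalidOperationException e) { Console.WriteLine(e.Message); }

        // The unsafe resolver builds whatever the input names.
        Console.WriteLine(TypeResolution.ResolveUnsafe(foreign).GetType().FullName);
    }
}
```

The allowlist is the fix the article describes: the set of instantiable types is fixed at build time, and a type name that is not a key in that map fails closed before any constructor runs. A blocklist of known-dangerous types, by contrast, has to be kept current as new gadget types are found, which is why the allowlist form is preferred.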

Attack Vector

The attack vector is network-based, allowing remote exploitation without authentication. An attacker would typically:

  1. Identify an endpoint that processes serialized data through Telerik Reporting
  2. Craft a malicious serialized payload containing type references to dangerous .NET classes
  3. Submit the payload to the vulnerable endpoint
  4. The application deserializes the payload using unsafe reflection, instantiating the attacker-controlled types
  5. The malicious type's constructor or methods execute arbitrary code on the server

The vulnerability allows object injection via insecure type resolution, which is a well-known attack pattern against .NET applications. Attackers can leverage existing gadget chains in the .NET framework or third-party libraries to construct payloads that achieve remote code execution. For detailed technical information, refer to the Telerik Knowledge Base article.

Detection Methods for CVE-2024-6096

Indicators of Compromise

  • Unusual or malformed requests containing serialized .NET objects sent to Telerik Reporting endpoints
  • Unexpected process spawning from the web application or IIS worker processes
  • Anomalous network connections initiated from the server hosting Telerik Reporting
  • Evidence of command execution or PowerShell activity originating from the reporting service

Detection Strategies

  • Monitor HTTP traffic for requests containing suspicious serialized object patterns targeting Telerik Reporting components
  • Implement application-level logging to capture deserialization events and type resolution activities
  • Deploy endpoint detection and response (EDR) solutions to identify post-exploitation behaviors such as process injection or credential access
  • Utilize web application firewalls (WAF) with rules to detect common .NET deserialization attack patterns

Monitoring Recommendations

  • Enable verbose logging on Telerik Reporting endpoints to capture request payloads and processing details
  • Monitor for unusual child processes spawned by the web server hosting Telerik Reporting
  • Set up alerts for outbound connections from the reporting server to unexpected destinations
  • Implement file integrity monitoring on the Telerik Reporting installation directory
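As an added example for the detection strategies, indicators and monitoring recommendations above (not SentinelOne's or Telerik's code), the block below runs two of those checks over constructed sample records: it flags POST/PUT requests to a reporting route whose body carries .NET type information (a polymorphic `$type` member or an assembly-qualified type name), and it flags the IIS worker process `w3wp.exe` spawning a shell or script host. The `/api/reports` route prefix, the record field names and the list of suspicious child processes are assumptions to adapt to the deployment; it targets .NET 6 or later.

```csharp
using System;
using System.Collections.Generic;
using System.Text.RegularExpressions;

// Added detection example; not SentinelOne's or Telerik's code. Two event
// shapes are constructed inline (a simplified web-access record and a
// process-creation event). Route prefix, field names and the process list
// are assumptions to adapt per deployment.
public sealed record WebRequest(string Method, string Path, string BodyExcerpt);
public sealed record ProcessEvent(string ParentImage, string Image, string CommandLine);

public static class TelerikExposureDetector
{
    // Assumed route prefix of the reporting endpoints in this deployment.
    private static readonly Regex ReportingPath =
        new(@"^/api/reports(/|$)", RegexOptions.IgnoreCase | RegexOptions.Compiled);

    // Body fragments that carry .NET type information: a polymorphic "$type"
    // member, or an assembly-qualified type name (..., Version=, PublicKeyToken=).
    // Legitimate report requests in this hypothetical deployment never contain them.
    private static readonly Regex SerializedTypeHints =
        new(@"""\$type""\s*:|,\s*Version=\d|PublicKeyToken=", RegexOptions.Compiled);

    // Processes the IIS worker (w3wp.exe) has no business launching.
    private static readonly HashSet<string> SuspiciousChildren =
        new(StringComparer.OrdinalIgnoreCase)
        { "cmd.exe", "powershell.exe", "pwsh.exe", "cscript.exe", "wscript.exe", "mshta.exe" };

    public static List<string> ScanRequests(IEnumerable<WebRequest> requests)
    {
        var alerts = new List<string>();
        foreach (var r in requests)
        {
            if (!ReportingPath.IsMatch(r.Path)) continue;            // only reporting routes
            if (r.Method != "POST" && r.Method != "PUT") continue;   // bodies arrive on these
            if (SerializedTypeHints.IsMatch(r.BodyExcerpt))
                alerts.Add($"serialized .NET type hint in {r.Method} {r.Path}");
        }
        return alerts;
    }

    public static List<string> ScanProcesses(IEnumerable<ProcessEvent> events)
    {
        var alerts = new List<string>();
        foreach (var e in events)
        {
            if (FileName(e.ParentImage).Equals("w3wp.exe", StringComparison.OrdinalIgnoreCase)
                && SuspiciousChildren.Contains(FileName(e.Image)))
                alerts.Add($"w3wp.exe spawned {FileName(e.Image)}: {e.CommandLine}");
        }
        return alerts;
    }

    // Last path segment, accepting both separators so the sample runs anywhere.
    private static string FileName(string path) =>
        path.Substring(path.LastIndexOfAny(new[] { '\\', '/' }) + 1);
}

public static class Program
{
    public static void Main()
    {
        // Constructed sample records (not real traffic).
        var requests = new[]
        {
            new WebRequest("POST", "/api/reports/render", "{\"reportId\":\"sales-q1\",\"format\":\"PDF\"}"),
            new WebRequest("POST", "/api/reports/render",
                "{\"$type\":\"Some.Type, Some.Assembly, Version=1.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089\"}"),
            new WebRequest("GET", "/static/logo.png", ""),
        };
        var processes = new[]
        {
            new ProcessEvent(@"C:\Windows\System32\services.exe", @"C:\Windows\System32\svchost.exe", "svchost.exe -k netsvcs"),
            new ProcessEvent(@"C:\Windows\System32\inetsrv\w3wp.exe",
                @"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe", "powershell.exe -File C:\\Temp\\run.ps1"),
        };

        foreach (var a in TelerikExposureDetector.ScanRequests(requests)) Console.WriteLine("ALERT: " + a);
        foreach (var a in TelerikExposureDetector.ScanProcesses(processes)) Console.WriteLine("ALERT: " + a);
    }
}
```

The request check depends on capturing request bodies (or at least an excerpt) for the reporting routes, which is what the verbose-logging recommendation above provides; the process check is the EDR-side complement and fires regardless of how the payload reached the server.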

How to Mitigate CVE-2024-6096

Immediate Actions Required

  • Upgrade Progress Telerik Reporting to version 18.1.24.709 or later immediately
  • If immediate patching is not possible, consider temporarily disabling or restricting network access to Telerik Reporting endpoints
  • Review application logs for any indicators of exploitation attempts
  • Implement network segmentation to limit exposure of Telerik Reporting services

Patch Information

Progress has released version 18.1.24.709 of Telerik Reporting which addresses this vulnerability. Organizations should upgrade to this version or later as soon as possible. The official vendor advisory and remediation guidance is available at the Telerik Knowledge Base. Additional security information is available in the NetApp Security Advisory.

Workarounds

  • Restrict network access to Telerik Reporting endpoints using firewall rules or network ACLs to trusted IP addresses only
  • Implement a web application firewall (WAF) with rules to block requests containing suspicious serialized object patterns
  • Enable authentication requirements on all Telerik Reporting endpoints if not already enforced
  • Consider placing Telerik Reporting behind a reverse proxy with request inspection capabilities
```powershell
# Windows Firewall rule to restrict access to the Telerik Reporting host (PowerShell, run as Administrator).
# Replace 80,443 and 10.0.0.0/8 with the ports the reporting site listens on and your trusted IP ranges.
# Note: an Allow rule on its own restricts nothing. It only narrows access when the profile's default
# inbound action is Block (the Windows default) and no broader Allow rule already opens these ports
# (for example the built-in "World Wide Web Services (HTTP Traffic-In)" rule), so check both first.
Get-NetFirewallProfile | Select-Object Name, DefaultInboundAction
New-NetFirewallRule -DisplayName "Restrict Telerik Reporting" -Direction Inbound -LocalPort 80,443 -Protocol TCP -RemoteAddress "10.0.0.0/8" -Action Allow
```

Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.

Vulnerability Details

  • Type: RCE
  • Vendor/Tech: Progress Telerik Reporting
  • Severity: CRITICAL
  • CVSS Score: 9.8
  • EPSS Probability: 0.46%
  • Known Exploited: No
  • CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Impact Assessment

  • Confidentiality: Low
  • Integrity: None
  • Availability: High

CWE References

  • CWE-470

Technical References

  • NetApp Security Advisory: NTAP-20250425-0003

Vendor Resources

  • Telerik Knowledge Base: CVE-2024-6096