CVE-2024-1800

CRITICAL

Progress Telerik Report Server < 10.0.24.130 - Remote Code Execution via Insecure Deserialization

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 3 public exploits for CVE-2024-1800. PoCs published by sinsinology, gh-ost00, SinSinology, Soroush Dalili, Unknown, Spencer McIntyre, including Metasploit module exploits/windows/http/telerik_report_server_deserialization.

AI-analyzed exploit summary This repository contains a functional exploit for CVE-2024-4358 and CVE-2024-1800, targeting Progress Telerik Report Server. The exploit chains an authentication bypass with a deserialization vulnerability to achieve pre-authenticated remote code execution.

Description

In Progress® Telerik® Report Server versions prior to 2024 Q1 (10.0.24.130), a remote code execution attack is possible through an insecure deserialization vulnerability.

Exploits (3)

github WORKING POC 78 stars
by sinsinology · pythonpoc
https://github.com/sinsinology/CVE-2024-4358

This repository contains a functional exploit for CVE-2024-4358 and CVE-2024-1800, targeting Progress Telerik Report Server. The exploit chains an authentication bypass with a deserialization vulnerability to achieve pre-authenticated remote code execution.

Classification
Working Poc 100%
Attack Type
Rce
Complexity
Moderate
Reliability
Reliable
Target: Progress Telerik Report Server (versions 2012-2024)
No auth needed
Prerequisites: Network access to the target server · Python environment with required libraries
devstral-2 · analyzed Feb 19, 2026 Full analysis →
github WORKING POC 4 stars
by gh-ost00 · pythonpoc
https://github.com/gh-ost00/CVE-2024-4358

This repository contains a functional exploit for CVE-2024-4358, targeting Telerik Report Server with an authentication bypass and deserialization RCE. The script automates user registration, token acquisition, and payload delivery to achieve remote code execution.

Classification
Working Poc 95%
Attack Type
Rce
Complexity
Moderate
Reliability
Reliable
Target: Telerik Report Server
No auth needed
Prerequisites: Network access to the target Telerik Report Server · Python environment with required dependencies (aiohttp, asyncio, etc.)
devstral-2 · analyzed Feb 19, 2026 Full analysis →
metasploit WORKING POC EXCELLENT
by SinSinology, Soroush Dalili, Unknown, Spencer McIntyre · rubypocwin
https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/http/telerik_report_server_deserialization.rb

This Metasploit module exploits CVE-2024-4358 (auth bypass) and CVE-2024-1800 (.NET deserialization) to achieve RCE on Telerik Report Server. It creates an admin account, uploads a malicious report, and triggers command execution as NT AUTHORITY\SYSTEM.

Classification
Working Poc 100%
Attack Type
Rce
Complexity
Moderate
Reliability
Reliable
Target: Telerik Report Server <= 10.0.24.130
No auth needed
Prerequisites: Network access to target · Telerik Report Server exposed on port 83
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (2)

Core 2

Scores

CVSS v3 9.9
EPSS 0.7233
EPSS Percentile 98.8%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation poc
Automatable no
Technical Impact total

Details

CWE
CWE-502
Status published
Products (1)
progress/telerik_report_server < 10.0.24.130
Published Mar 20, 2024
Tracked Since Feb 18, 2026