Progress Telerik Report Server
Don't miss out!
Thousands of developers use stack.watch to stay informed.Get an email whenever new security vulnerabilities are reported in Progress Telerik Report Server.
By the Year
In 2026 there have been 0 vulnerabilities in Progress Telerik Report Server. Last year, in 2025 Telerik Report Server had 1 security vulnerability published. Right now, Telerik Report Server is on track to have less security vulnerabilities in 2026 than it did last year.
| Year | Vulnerabilities | Average Score |
|---|---|---|
| 2026 | 0 | 0.00 |
| 2025 | 1 | 6.50 |
| 2024 | 8 | 7.39 |
It may take a day or so for new Telerik Report Server vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally vulnerabilities may be tagged under a different product or component name.
Recent Progress Telerik Report Server Security Vulnerabilities
Telerik Report Server <11.0.25.211: Unencrypted Tunnel Allows Network Sniffing
CVE-2025-0556
6.5 - Medium
- February 12, 2025
In Progress® Telerik® Report Server, versions prior to 2025 Q1 (11.0.25.211) when using the older .NET Framework implementation, communication of non-sensitive information between the service agent process and app host process occurs over an unencrypted tunnel, which can be subjected to local network traffic sniffing.
Cleartext Transmission of Sensitive Information
In Progress® Telerik® Report Server: Weak Encryption Vulnerability in Local Asset Data
CVE-2024-7295
6.2 - Medium
- November 13, 2024
In Progress® Telerik® Report Server versions prior to 2024 Q4 (10.3.24.1112), the encryption of local asset data used an older algorithm which may allow a sophisticated actor to decrypt this information.
Use of Hard-coded Credentials
RCE via Object Injection in Telerik Report Server <=10.2.24.924
CVE-2024-8015
7.2 - High
- October 09, 2024
In Progress Telerik Report Server versions prior to 2024 Q3 (10.2.24.924), a remote code execution attack is possible through object injection via an insecure type resolution vulnerability.
Reflection Injection
Progress Telerik Report Server <10.2.24.806: Excessive Logins -> Cred Stuffing
CVE-2024-7292
8.8 - High
- October 09, 2024
In Progress® Telerik® Report Server versions prior to 2024 Q3 (10.2.24.806), a credential stuffing attack is possible through improper restriction of excessive login attempts.
Improper Restriction of Excessive Authentication Attempts
DoS via UnrateLimEndpoints in Telerik Report Server <10.2.24.806
CVE-2024-7294
6.5 - Medium
- October 09, 2024
In Progress® Telerik® Report Server versions prior to 2024 Q3 (10.2.24.806), an HTTP DoS attack is possible on anonymous endpoints without rate limiting.
Resource Exhaustion
Telerik Report Server RCE via insecure deserialization (pre-10.1.24.709)
CVE-2024-6327
9.8 - Critical
- July 24, 2024
In Progress® Telerik® Report Server versions prior to 2024 Q2 (10.1.24.709), a remote code execution attack is possible through an insecure deserialization vulnerability.
Marshaling, Unmarshaling
Unauth Access Trust Boundary Violation in Telerik Report Server <10.0.24 (2024 Q1) on IIS
CVE-2024-4837
5.3 - Medium
- May 15, 2024
In Progress Telerik Report Server, version 2024 Q1 (10.0.24.305) or earlier, on IIS, an unauthenticated attacker can gain access to Telerik Report Server restricted functionality via a trust boundary violation vulnerability.
Progress Telerik Report Server <10.0.24.305: XEE Info Disclosure
CVE-2024-4357
6.5 - Medium
- May 15, 2024
An information disclosure vulnerability exists in Progress Telerik Report Server, version 2024 Q1 (10.0.24.305) or earlier, allows low-privilege attacker to read systems file via XML External Entity Processing.
XXE
RCE via Deserialization in Telerik Report Server <10.0.24.130
CVE-2024-1800
8.8 - High
- March 20, 2024
In Progress® Telerik® Report Server versions prior to 2024 Q1 (10.0.24.130), a remote code execution attack is possible through an insecure deserialization vulnerability.
Marshaling, Unmarshaling
Stay on top of Security Vulnerabilities
Want an email whenever new vulnerabilities are published for Progress Telerik Report Server or by Progress? Click the Watch button to subscribe.
