All Telerik Report Server instances before version 10.1.24.709 are affected by the bug, which could be leveraged to facilitate remote code execution, according to Progress Software. The firm also addressed a high-severity insecure type resolution issue in its Telerik Reporting tool, tracked as CVE-2024-6096, which could be exploited to achieve RCE through an object injection attack.
Source: SC Magazine