CVE-2024-4358 CRITICAL

CVE-2024-4358: Registration Authentication Bypass Vulnerability

Vendor: Progress Software Corporation
Product: Telerik Report Server
Weakness: CWE-290
KEV Status: Known Exploited
Published: May 29, 2024
Last update: October 21, 2025

CVSS base score

9.8/10
Attack vector: Network
Attack complexity: Low
Privileges required: None
User interaction: None
Confidentiality: High
Integrity: High

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

What the vulnerability does

01 Description

In Progress Telerik Report Server, version 2024 Q1 (10.0.24.305) or earlier, on IIS, an unauthenticated attacker can gain access to Telerik Report Server restricted functionality via an authentication bypass vulnerability.

CISA mandated remediation

02 CISA Required Action

Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

Key dates

03 Disclosure timeline

May 29, 2024: CVE published
October 21, 2025: Record updated