Vulnerability Details CVE-2026-6022
In Progress® Telerik® UI for AJAX prior to 2026.1.421, RadAsyncUpload contains an uncontrolled resource consumption vulnerability that allows file uploads to exceed the configured maximum size due to missing cumulative size enforcement during chunk reassembly, leading to disk space exhaustion.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.001
EPSS Ranking 16.1%
CVSS Severity
CVSS v3 Score 7.5
Products affected by CVE-2026-6022
-
cpe:2.3:a:progress:telerik_ui_for_asp.net_ajax:-
-
cpe:2.3:a:progress:telerik_ui_for_asp.net_ajax:2011.1.315
-
cpe:2.3:a:progress:telerik_ui_for_asp.net_ajax:2011.1315
-
cpe:2.3:a:progress:telerik_ui_for_asp.net_ajax:2011.1413
-
cpe:2.3:a:progress:telerik_ui_for_asp.net_ajax:2011.1519
-
cpe:2.3:a:progress:telerik_ui_for_asp.net_ajax:2011.2712
-
cpe:2.3:a:progress:telerik_ui_for_asp.net_ajax:2011.2915
-
cpe:2.3:a:progress:telerik_ui_for_asp.net_ajax:2011.3.1305
-
cpe:2.3:a:progress:telerik_ui_for_asp.net_ajax:2011.31115
-
cpe:2.3:a:progress:telerik_ui_for_asp.net_ajax:2012.1.215
-
cpe:2.3:a:progress:telerik_ui_for_asp.net_ajax:2012.1.411
-
cpe:2.3:a:progress:telerik_ui_for_asp.net_ajax:2012.2.607
-
cpe:2.3:a:progress:telerik_ui_for_asp.net_ajax:2012.2.724
-
cpe:2.3:a:progress:telerik_ui_for_asp.net_ajax:2012.2.912
-
cpe:2.3:a:progress:telerik_ui_for_asp.net_ajax:2012.3.1016
-
cpe:2.3:a:progress:telerik_ui_for_asp.net_ajax:2012.3.1205
-
cpe:2.3:a:progress:telerik_ui_for_asp.net_ajax:2012.3.1308
-
cpe:2.3:a:progress:telerik_ui_for_asp.net_ajax:2013.1.220
-
cpe:2.3:a:progress:telerik_ui_for_asp.net_ajax:2013.1.403
-
cpe:2.3:a:progress:telerik_ui_for_asp.net_ajax:2013.1.417
-
cpe:2.3:a:progress:telerik_ui_for_asp.net_ajax:2013.2.611
-
cpe:2.3:a:progress:telerik_ui_for_asp.net_ajax:2013.2.717
-
cpe:2.3:a:progress:telerik_ui_for_asp.net_ajax:2013.3.1015
-
cpe:2.3:a:progress:telerik_ui_for_asp.net_ajax:2013.3.1114
-
cpe:2.3:a:progress:telerik_ui_for_asp.net_ajax:2013.3.1324
-
cpe:2.3:a:progress:telerik_ui_for_asp.net_ajax:2014.1.225
-
cpe:2.3:a:progress:telerik_ui_for_asp.net_ajax:2014.1.403
-
cpe:2.3:a:progress:telerik_ui_for_asp.net_ajax:2014.2.618
-
cpe:2.3:a:progress:telerik_ui_for_asp.net_ajax:2014.2.724
-
cpe:2.3:a:progress:telerik_ui_for_asp.net_ajax:2014.3.1024
-
cpe:2.3:a:progress:telerik_ui_for_asp.net_ajax:2014.3.1209
-
cpe:2.3:a:progress:telerik_ui_for_asp.net_ajax:2015.1.204
-
cpe:2.3:a:progress:telerik_ui_for_asp.net_ajax:2015.1.225
-
cpe:2.3:a:progress:telerik_ui_for_asp.net_ajax:2015.2.604
-
cpe:2.3:a:progress:telerik_ui_for_asp.net_ajax:2015.2.623
-
cpe:2.3:a:progress:telerik_ui_for_asp.net_ajax:2015.2.729
-
cpe:2.3:a:progress:telerik_ui_for_asp.net_ajax:2015.2.826
-
cpe:2.3:a:progress:telerik_ui_for_asp.net_ajax:2015.3.1111
-
cpe:2.3:a:progress:telerik_ui_for_asp.net_ajax:2015.3.930
-
cpe:2.3:a:progress:telerik_ui_for_asp.net_ajax:2016.1.113
-
cpe:2.3:a:progress:telerik_ui_for_asp.net_ajax:2016.1.225
-
cpe:2.3:a:progress:telerik_ui_for_asp.net_ajax:2016.2.504
-
cpe:2.3:a:progress:telerik_ui_for_asp.net_ajax:2016.2.607
-
cpe:2.3:a:progress:telerik_ui_for_asp.net_ajax:2016.3.1018
-
cpe:2.3:a:progress:telerik_ui_for_asp.net_ajax:2016.3.1027
-
cpe:2.3:a:progress:telerik_ui_for_asp.net_ajax:2016.3.914
-
cpe:2.3:a:progress:telerik_ui_for_asp.net_ajax:2017.1.118
-
cpe:2.3:a:progress:telerik_ui_for_asp.net_ajax:2017.1.228
-
cpe:2.3:a:progress:telerik_ui_for_asp.net_ajax:2017.2.503
-
cpe:2.3:a:progress:telerik_ui_for_asp.net_ajax:2017.2.621
-
cpe:2.3:a:progress:telerik_ui_for_asp.net_ajax:2017.2.711
-
cpe:2.3:a:progress:telerik_ui_for_asp.net_ajax:2017.3.913
-
cpe:2.3:a:progress:telerik_ui_for_asp.net_ajax:2018.1.117
-
cpe:2.3:a:progress:telerik_ui_for_asp.net_ajax:2018.2.516
-
cpe:2.3:a:progress:telerik_ui_for_asp.net_ajax:2018.2.710
-
cpe:2.3:a:progress:telerik_ui_for_asp.net_ajax:2018.3.910
-
cpe:2.3:a:progress:telerik_ui_for_asp.net_ajax:2019.1.115
-
cpe:2.3:a:progress:telerik_ui_for_asp.net_ajax:2019.1.215
-
cpe:2.3:a:progress:telerik_ui_for_asp.net_ajax:2019.2.514
-
cpe:2.3:a:progress:telerik_ui_for_asp.net_ajax:2019.3.1023
-
cpe:2.3:a:progress:telerik_ui_for_asp.net_ajax:2019.3.917
-
cpe:2.3:a:progress:telerik_ui_for_asp.net_ajax:2020.1.114
-
cpe:2.3:a:progress:telerik_ui_for_asp.net_ajax:2020.1.219
-
cpe:2.3:a:progress:telerik_ui_for_asp.net_ajax:2020.2.5112
-
cpe:2.3:a:progress:telerik_ui_for_asp.net_ajax:2020.2.617
-
cpe:2.3:a:progress:telerik_ui_for_asp.net_ajax:2020.3.1021
-
cpe:2.3:a:progress:telerik_ui_for_asp.net_ajax:2020.3.915
-
cpe:2.3:a:progress:telerik_ui_for_asp.net_ajax:2021.1.119
-
cpe:2.3:a:progress:telerik_ui_for_asp.net_ajax:2021.1.224
-
cpe:2.3:a:progress:telerik_ui_for_asp.net_ajax:2021.1.330
-
cpe:2.3:a:progress:telerik_ui_for_asp.net_ajax:2021.2.511
-
cpe:2.3:a:progress:telerik_ui_for_asp.net_ajax:2021.2.616
-
cpe:2.3:a:progress:telerik_ui_for_asp.net_ajax:2021.3.1111
-
cpe:2.3:a:progress:telerik_ui_for_asp.net_ajax:2021.3.914
-
cpe:2.3:a:progress:telerik_ui_for_asp.net_ajax:2022.1.119
-
cpe:2.3:a:progress:telerik_ui_for_asp.net_ajax:2022.1.302
-
cpe:2.3:a:progress:telerik_ui_for_asp.net_ajax:2022.2.511
-
cpe:2.3:a:progress:telerik_ui_for_asp.net_ajax:2022.2.622
-
cpe:2.3:a:progress:telerik_ui_for_asp.net_ajax:2022.3.1109
-
cpe:2.3:a:progress:telerik_ui_for_asp.net_ajax:2022.3.913
-
cpe:2.3:a:progress:telerik_ui_for_asp.net_ajax:2023.1.117
-
cpe:2.3:a:progress:telerik_ui_for_asp.net_ajax:2023.1.314
-
cpe:2.3:a:progress:telerik_ui_for_asp.net_ajax:2023.1.323
-
cpe:2.3:a:progress:telerik_ui_for_asp.net_ajax:2023.2.606
-
cpe:2.3:a:progress:telerik_ui_for_asp.net_ajax:2023.2.714
-
cpe:2.3:a:progress:telerik_ui_for_asp.net_ajax:2023.3.1010
-
cpe:2.3:a:progress:telerik_ui_for_asp.net_ajax:2024.1.131
-
cpe:2.3:a:progress:telerik_ui_for_asp.net_ajax:2024.2.513
-
cpe:2.3:a:progress:telerik_ui_for_asp.net_ajax:2024.3.805
-
cpe:2.3:a:progress:telerik_ui_for_asp.net_ajax:2024.4.1113
-
cpe:2.3:a:progress:telerik_ui_for_asp.net_ajax:2024.4.1114
-
cpe:2.3:a:progress:telerik_ui_for_asp.net_ajax:2025.1.211
-
cpe:2.3:a:progress:telerik_ui_for_asp.net_ajax:2025.1.218
-
cpe:2.3:a:progress:telerik_ui_for_asp.net_ajax:2025.1.416
-
cpe:2.3:a:progress:telerik_ui_for_asp.net_ajax:2025.2.520
-
cpe:2.3:a:progress:telerik_ui_for_asp.net_ajax:2025.2.528
-
cpe:2.3:a:progress:telerik_ui_for_asp.net_ajax:2025.2.609