Progress: >> Telerik Ui For Asp.net Ajax >> 2016.2.607 Security Vulnerabilities
In Progress® Telerik® UI for AJAX prior to 2026.1.421, RadAsyncUpload contains an uncontrolled resource consumption vulnerability that allows file uploads to exceed the configured maximum size due to missing cumulative size enforcement during chunk reassembly, leading to disk space exhaustion.
CVSS Score
7.5
EPSS Score
0.001
Published
2026-04-22
In Progress® Telerik® UI for AJAX, versions prior to 2026.1.225, an insufficient entropy vulnerability exists in RadAsyncUpload, where a predictable temporary identifier, based on timestamp and filename, can enable collisions and file content tampering.
CVSS Score
5.3
EPSS Score
0.0
Published
2026-02-25
In Progress® Telerik® UI for AJAX, versions 2011.2.712 to 2025.1.218, an unsafe reflection vulnerability exists that may lead to an unhandled exception resulting in a crash of the hosting process and denial of service.
CVSS Score
7.5
EPSS Score
0.006
Published
2025-05-14