EUVD-2026-24631

In Progress® Telerik® UI for AJAX prior to 2026.1.421, RadAsyncUpload contains an uncontrolled resource consumption vulnerability that allows file uploads to exceed the configured maximum size due to missing cumulative size enforcement during chunk reassembly, leading to disk space exhaustion...

PT-2026-34265

Name of the Vulnerable Software and Affected Versions Telerik UI for AJAX versions prior to 2026.1.421 Description RadAsyncUpload contains an uncontrolled resource consumption issue. This occurs because of missing cumulative size enforcement during chunk reassembly, which allows file uploads to...

EUVD-2026-8655

In Progress® Telerik® UI for AJAX, versions prior to 2026.1.225, an insufficient entropy vulnerability exists in RadAsyncUpload, where a predictable temporary identifier, based on timestamp and filename, can enable collisions and file content tampering...

The vulnerability of the Telerik UI software for ASP.NET AJAX, related to the encryption flaws in RadAsyncUpload, allows attackers to perform arbitrary file uploads or execute arbitrary code.

The vulnerability of the Telerik UI software for ASP.NET AJAX is related to the shortcomings of the RadAsyncUpload encryption mechanism. Exploiting this vulnerability allows a malicious actor to perform arbitrary file uploads or execute arbitrary code...

PT-2017-3938

Name of the Vulnerable Software and Affected Versions Telerik UI for ASP.NET AJAX versions prior to R1 2017 Telerik UI for ASP.NET AJAX R2 versions prior to R2 2017 SP2 Description The issue is related to weak encryption in RadAsyncUpload, which allows remote attackers to perform arbitrary file...