PT-2026-21919 · Progress · Telerik Ui For Asp.Net Ajax

Monetary Authority

Published

2026-02-25

Updated

2026-02-25

CVE-2026-2878

CVSS v3.1

5.9

Medium

Vector

AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

Name of the Vulnerable Software and Affected Versions Telerik UI for AJAX versions prior to 2026.1.225

Description RadAsyncUpload contains an issue where a predictable temporary identifier is generated based on the timestamp and filename. This lack of sufficient entropy can lead to collisions and allow for file content tampering.

Recommendations Update to version 2026.1.225.

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-331

Related Identifiers

CVE-2026-2878

Affected Products

Telerik Ui For Asp.Net Ajax

PT-2026-21919 · Progress · Telerik Ui For Asp.Net Ajax

CVE-2026-2878

Weakness Enumeration

Related Identifiers

Affected Products

References · 3