PT-2026-34265 · Progress · Telerik Ui For Ajax

Monetary Authority

Published

2026-04-22

Updated

2026-05-05

CVE-2026-6022

CVSS v3.1

7.5

High

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions Telerik UI for AJAX versions prior to 2026.1.421

Description RadAsyncUpload contains an uncontrolled resource consumption issue. This occurs because of missing cumulative size enforcement during chunk reassembly, which allows file uploads to exceed the configured maximum size, potentially leading to disk space exhaustion.

Recommendations Update to version 2026.1.421.

Fix

Resource Exhaustion

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-400

Related Identifiers

CVE-2026-6022

Affected Products

Telerik Ui For Ajax

PT-2026-34265 · Progress · Telerik Ui For Ajax

CVE-2026-6022

Weakness Enumeration

Related Identifiers

Affected Products

References · 4