HIGH🇬🇧 English

CVE-2026-6022

CVSS 7.5v3.1pub. 2026-04-22upd. 2026-05-05

In Progress® Telerik® UI for AJAX prior to 2026.1.421, RadAsyncUpload contains an uncontrolled resource consumption vulnerability that allows file uploads to exceed the configured maximum size due to missing cumulative size enforcement during chunk reassembly, leading to disk space exhaustion.

oryginał EN
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
  • Progress Telerik Ui For Asp.net Ajax

    APP
    Progress
    < 2026.1.421
🔵
ZWERYFIKUJ U PRODUCENTA
Brak jednoznacznych danych o patchu. Sprawdź referencje od producenta.
CWE
Referencje

Powiązane podatności

CVE-2017-11357CRITICAL9.8⚠ KEVten sam produkt

Progress Telerik UI for ASP.NET AJAX before R2 2017 SP2 does not properly restrict user input to RadAsyncUploa...

CVE-2021-28141CRITICAL9.8ten sam produkt

An issue was discovered in Progress Telerik UI for ASP.NET AJAX 2021.1.224. It allows unauthorized access to M...

CVE-2019-19790CRITICAL9.8ten sam produkt

Path traversal in RadChart in Telerik UI for ASP.NET AJAX allows a remote attacker to read and delete an image...

CVE-2026-6023HIGH8.1ten sam produkt

In Progress® Telerik® UI for AJAX versions 2024.4.1114 through 2026.1.421, the RadFilter control is vulnerable...

CVE-2025-3600HIGH7.5ten sam produkt

In Progress® Telerik® UI for AJAX, versions 2011.2.712 to 2025.1.218, an unsafe reflection vulnerability exist...

CVE-2026-6022 — HIGH 7.5 | CVEbaza.pl