Uncontrolled Resource Consumption Vulnerability in Telerik UI for ASP.NET AJAX

7.5 / 10

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Description

In Progress® Telerik® UI for AJAX prior to 2026.1.421, RadAsyncUpload contains an uncontrolled resource consumption vulnerability that allows file uploads to exceed the configured maximum size due to missing cumulative size enforcement during chunk reassembly, leading to disk space exhaustion.

Basic Information

ID CVE-2026-6022

Source ProgressSoftware

Published Apr 22, 2026 at 07:07

Affected Product

Vendor Progress Software

Product Telerik UI for ASP.NET AJAX

Version 2011.2.712

Affected Versions Progress Software Telerik UI for ASP.NET AJAX 2011.2.712

CWE Classification

CWE-400

References

www.telerik.com /products/aspnet-ajax/documentation/knowledge-base/kb-security-uncontrolled-resource-consumption-cve-2026-6022

{
    "lastseen": "",
    "description": "In Progress\u00ae Telerik\u00ae UI for AJAX prior to 2026.1.421, RadAsyncUpload contains an uncontrolled resource consumption vulnerability that allows file uploads to exceed the configured maximum size due to missing cumulative size enforcement during chunk reassembly, leading to disk space exhaustion.",
    "published": "2026-04-22T07:07:30.795Z",
    "modified": "2026-04-22T07:07:30.795Z",
    "type": "cve",
    "title": "Uncontrolled Resource Consumption Vulnerability in Telerik UI for ASP.NET AJAX",
    "source": "ProgressSoftware",
    "references": "https://www.telerik.com/products/aspnet-ajax/documentation/knowledge-base/kb-security-uncontrolled-resource-consumption-cve-2026-6022",
    "id": "CVE-2026-6022",
    "bulletinFamily": "",
    "cwe": [
        "CWE-400"
    ],
    "cvelist": null,
    "sourceData": "Progress Software Telerik UI for ASP.NET AJAX 2011.2.712",
    "sourceHref": "",
    "cvss": {
        "score": 7.5,
        "severity": "HIGH",
        "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
        "version": "3.1"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "Telerik UI for ASP.NET AJAX",
    "version": "2011.2.712",
    "vendor": "Progress Software",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}

Uncontrolled Resource Consumption Vulnerability in Telerik UI for ASP.NET AJAX_CVE-2026-6022