CVE-2026-2878

Medium CVSS: 5.3

In Progress® Telerik® UI for AJAX, versions prior to 2026.1.225, an insufficient entropy vulnerability exists in RadAsyncUpload, where a predictable temporary identifier, based on timestamp and filename, can enable collisions and file content tampering.

Vendor

Progress

Product

Telerik Ui For Asp.net Ajax

CWE

CWE-331

Yayın Tarihi

2026-02-25 15:20:54

Güncelleme

2026-02-26 15:23:31

Source Identifier

security@progress.com

KEV Date Added

Kategoriler

CWE-331 Telerik Ui For Asp.net Ajax MEDIUM Progress 2026

Referanslar

https://www.telerik.com/products/aspnet-ajax/documentation/knowledge-base/kb-security-insufficient-entropy-cve-2026-2878

Benzer Kayıtlar

High

CVE-2025-13447

OS Command Injection Remote Code Execution Vulnerability in API in Progress LoadMaster allows an authenticated attacker…

High

CVE-2025-13444

OS Command Injection Remote Code Execution Vulnerability in API in Progress LoadMaster allows an authenticated attacker…

High

CVE-2025-13774

A vulnerability exists in Progress Flowmon ADS versions prior to 12.5.4 and 13.0.1 where an SQL injection vulnerability…

Low

CVE-2025-11235

Unverified Password Change vulnerability in Progress MOVEit Transfer on Windows (REST API modules).This issue affects MO…

Medium

CVE-2025-13147

Server-Side Request Forgery (SSRF) vulnerability in Progress MOVEit Transfer.This issue affects MOVEit Transfer: before…

High

CVE-2025-6504

In HDP Server versions below 4.6.2.2978 on Linux, unauthorized access could occur via IP spoofing using the X-Forwarded-…