Telerik UI for AJAX EUVD-2026-24631

CVE-2026-6022 | HIGH | CVSS 3.1: 7.5
Uncontrolled Resource Consumption (CWE-400)
2026-04-22 | ProgressSoftware | GHSA-vf2r-6g4x-jc4h

CVSS Vector (NVD)

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged
Confidentiality: None
Integrity: None
Availability: High

Lifecycle Timeline (3 events)

Re-analysis Queued: Apr 22, 2026 - 21:37, vuln.today, cvss_changed
Patch available: Apr 22, 2026 - 09:01, EUVD
Analysis Generated: Apr 22, 2026 - 08:24, vuln.today

Description (NVD)

In Progress® Telerik® UI for AJAX prior to 2026.1.421, RadAsyncUpload contains an uncontrolled resource consumption vulnerability that allows file uploads to exceed the configured maximum size due to missing cumulative size enforcement during chunk reassembly, leading to disk space exhaustion.
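
The control the description says was missing, shown as an added C# example that is not code from Progress or from this advisory: the configured maximum is compared against the running total of all chunks before each append, and the partial file is discarded once the total would exceed it. The class name, the Guid upload identifier, the `.part` file naming and the 10-byte demo limit are assumptions.

```csharp
using System;
using System.Collections.Concurrent;
using System.IO;

// Hypothetical chunk receiver, not Telerik's implementation.
public sealed class ChunkedUploadGuard
{
    private sealed class State { public long Bytes; public bool Rejected; }
    private readonly long _maxFileSize;   // configured per-file limit in bytes
    private readonly string _tempDir;
    private readonly ConcurrentDictionary<Guid, State> _uploads =
        new ConcurrentDictionary<Guid, State>();

    public ChunkedUploadGuard(long maxFileSize, string tempDir)
    { _maxFileSize = maxFileSize; _tempDir = tempDir; }

    // Appends one chunk. Returns false, and deletes the partial file, as soon
    // as the cumulative size of the upload would exceed the limit.
    public bool AppendChunk(Guid uploadId, byte[] chunk)
    {
        State s = _uploads.GetOrAdd(uploadId, _ => new State());
        // The file name derives from a server-issued Guid, never from client input.
        string path = Path.Combine(_tempDir, uploadId.ToString("N") + ".part");
        lock (s)
        {
            if (s.Rejected) return false;
            // Compare against the running total before writing, so the disk
            // never holds more than _maxFileSize bytes for this upload.
            if (chunk.LongLength > _maxFileSize - s.Bytes)
            {
                s.Rejected = true;
                File.Delete(path);
                return false;
            }
            using (var fs = new FileStream(path, FileMode.Append, FileAccess.Write))
                fs.Write(chunk, 0, chunk.Length);
            s.Bytes += chunk.Length;
            return true;
        }
    }

    public static void Main()
    {
        string dir = Directory.CreateDirectory(
            Path.Combine(Path.GetTempPath(), "chunk-guard-demo")).FullName;
        var guard = new ChunkedUploadGuard(10, dir);   // constructed 10-byte limit
        Guid id = Guid.NewGuid();
        for (int i = 0; i < 4; i++)                    // four constructed 4-byte chunks
            Console.WriteLine(guard.AppendChunk(id, new byte[4]));
    }
}
```

State entries and `.part` files left by abandoned uploads still need expiry; that cleanup is outside this example.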

Analysis (AI)

Uncontrolled resource consumption in Progress Telerik UI for AJAX RadAsyncUpload component allows remote unauthenticated attackers to exhaust disk space by uploading files exceeding configured size limits through chunked upload bypass. The vulnerability arises from missing cumulative size validation during chunk reassembly, enabling attackers to circumvent intended upload restrictions. …

Remediation (AI)

Within 24 hours: Inventory all applications using Progress Telerik UI for AJAX and document current RadAsyncUpload component versions. Within 7 days: Upgrade affected instances to Progress Telerik UI for AJAX version 2026.1.421 or later; coordinate with development and operations teams for testing in non-production environments first. …
