CVE-2026-2878

MEDIUM 5.3

Insufficient Entropy Vulnerability in Telerik UI for ASP.NET AJAX

CVSS Score

5.3

EPSS Score

0.0%

EPSS Percentile

0th

In Progress® Telerik® UI for AJAX, versions prior to 2026.1.225, an insufficient entropy vulnerability exists in RadAsyncUpload, where a predictable temporary identifier, based on timestamp and filename, can enable collisions and file content tampering.

CWE	CWE-331
Vendor	progress software
Product	telerik ui for asp.net ajax
Published	Feb 25, 2026
Last Updated	Feb 27, 2026

Stay Ahead of the Next One

Get instant alerts for progress software telerik ui for asp.net ajax

Be the first to know when new medium vulnerabilities affecting progress software telerik ui for asp.net ajax are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

CVSS v3 Breakdown

CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N

Attack Vector

Network

Attack Complexity

High

Privileges Required

None

User Interaction

Required

Scope

Unchanged

Confidentiality

None

Integrity

High

Availability

None

Affected Versions

Progress Software / Telerik UI for ASP.NET AJAX

2011.2.712 < 2026.1.225

References

NVD ↗ CVE.org ↗ EPSS Data ↗

telerik.com: https://www.telerik.com/products/aspnet-ajax/documentation/knowledge-base/kb-security-insufficient-entropy-cve-2026-2878

Credits

Monetary Authority of Singapore