CVE-2026-2878 — MEDIUM (5.3)

Q: How severe is CVE-2026-2878?

CVE-2026-2878 has been rated MEDIUM with a CVSS base score of 5.3/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2026-2878?

Check the references section above for vendor advisories and patch information. Affected products include: Progress Telerik Ui For Asp.Net Ajax.

Vulnerability Description

In Progress® Telerik® UI for AJAX, versions prior to 2026.1.225, an insufficient entropy vulnerability exists in RadAsyncUpload, where a predictable temporary identifier, based on timestamp and filename, can enable collisions and file content tampering.

CVSS Score

5.3

MEDIUM

CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality

NONE

Integrity

HIGH

Availability

NONE

Affected Products

Vendor	Product	Versions
Progress	Telerik Ui For Asp.Net Ajax	< 2026.1.225

Related Weaknesses (CWE)

CWE-331

References

https://www.telerik.com/products/aspnet-ajax/documentation/knowledge-base/kb-secMitigationVendor Advisory

FAQ

What is CVE-2026-2878?

CVE-2026-2878 is a vulnerability with a CVSS score of 5.3 (MEDIUM). In Progress® Telerik® UI for AJAX, versions prior to 2026.1.225, an insufficient entropy vulnerability exists in RadAsyncUpload, where a predictable temporary identifier, based on timestamp and filena...

How severe is CVE-2026-2878?

CVE-2026-2878 has been rated MEDIUM with a CVSS base score of 5.3/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2026-2878?

Check the references section above for vendor advisories and patch information. Affected products include: Progress Telerik Ui For Asp.Net Ajax.