Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
CVE Vulnerability Details :
CVE-2026-2878
PUBLISHED
More InfoOfficial Page
Assigner-ProgressSoftware
Assigner Org ID-f9fea0b6-671e-4eea-8fde-31911902ae05
View Known Exploited Vulnerability (KEV) details
Published At-25 Feb, 2026 | 14:45
Updated At-27 Feb, 2026 | 17:06
Rejected At-
▼CVE Numbering Authority (CNA)
Insufficient Entropy Vulnerability in Telerik UI for ASP.NET AJAX

In Progress® Telerik® UI for AJAX, versions prior to 2026.1.225, an insufficient entropy vulnerability exists in RadAsyncUpload, where a predictable temporary identifier, based on timestamp and filename, can enable collisions and file content tampering.

Affected Products
Vendor
Progress Software CorporationProgress Software
Product
Telerik UI for ASP.NET AJAX
Default Status
unaffected
Versions
Affected
  • From 2011.2.712 before 2026.1.225 (custom)
Problem Types
TypeCWE IDDescription
CWECWE-331CWE-331 Insufficient Entropy
Type: CWE
CWE ID: CWE-331
Description: CWE-331 Insufficient Entropy
Metrics
VersionBase scoreBase severityVector
3.15.3MEDIUM
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N
Version: 3.1
Base score: 5.3
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N
Metrics Other Info
Impacts
CAPEC IDDescription
CAPEC-149CAPEC-149 Explore for Predictable Temporary File Names
CAPEC-26CAPEC-26 Leveraging Race Conditions
CAPEC ID: CAPEC-149
Description: CAPEC-149 Explore for Predictable Temporary File Names
CAPEC ID: CAPEC-26
Description: CAPEC-26 Leveraging Race Conditions
Solutions
Configurations
Workarounds
Exploits
Credits
finder
Monetary Authority of Singapore
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://www.telerik.com/products/aspnet-ajax/documentation/knowledge-base/kb-security-insufficient-entropy-cve-2026-2878
vendor-advisory
Hyperlink: https://www.telerik.com/products/aspnet-ajax/documentation/knowledge-base/kb-security-insufficient-entropy-cve-2026-2878
Resource:
vendor-advisory
▼Authorized Data Publishers (ADP)
CISA ADP Vulnrichment
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
Details not found