What is CVE-2026-6022?

CVE-2026-6022 is a high-severity vulnerability in Progress Telerik_ui_for_asp.net_ajax, classified under Uncontrolled Resource Consumption. CVSS score: 7.5/10. Published 2026-04-22.

How severe is CVE-2026-6022?

High severity. CVSS v3 base score is 7.5 out of 10.

Resource exhaustion in Progress Telerik_ui_for_asp.net_ajax

CVE-2026-6022

In Progress® Telerik® UI for AJAX prior to 2026.1.421, RadAsyncUpload contains an uncontrolled resource consumption vulnerability that allows file uploads to exceed the configured maximum size due to missing cumulative size enforcement dur…

Vulnerability class: DoS (Denial of Service)

EPSS: 0.001 (29.8th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 7.5 (High). Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H.

Affected products

Progress Telerik_ui_for_asp.net_ajax
Progress Software Telerik Ui For Asp.net Ajax — versions 2011.2.712

Weakness classification (CWE)

CWE-400 — Uncontrolled Resource Consumption

References

security@progress.com (vendor-advisory, Mitigation, Vendor Advisory)

Frequently asked questions

What is CVE-2026-6022?: CVE-2026-6022 is a high-severity vulnerability in Progress Telerik_ui_for_asp.net_ajax, classified under Uncontrolled Resource Consumption. CVSS score: 7.5/10. Published 2026-04-22.
How severe is CVE-2026-6022?: High severity. CVSS v3 base score is 7.5 out of 10.