The Telerik UI component for ASP.NET AJAX is using weak encryption keys to encrypt data used by RadAsyncUpload. This may allow an attacker to upload arbitrary files, and to achieve remote code execution on the software's underlying host.

It was not confirmed that remote code execution is possible, this alert was issued based on the version of the Telerik UI component.


Upgrade to the latest version, follow the guidance in the RadAsyncUpload Security Guide (, and set all encryption keys.


Related Vulnerabilities