High severity7.5NVD Advisory· Published Apr 16, 2026· Updated Apr 18, 2026

CVE-2026-5426

Description

Hard-coded ASP.NET/IIS machineKey value in Digital Knowledge KnowledgeDeliver deployments prior to February 24, 2026 allows adversaries to circumvent ViewState validation mechanisms and achieve remote code execution via malicious ViewState deserialization attacks

Affected products

Mandiant/Vulnerability Disclosuresreferences

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

github.com/mandiant/Vulnerability-Disclosures/blob/master/2026/MNDT-2026-0009.mdnvd
www.digital-knowledge.co.jp/product/kd/nvd

News mentions

No linked articles in our index yet.

cvss	0.488
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000