Critical severity9.1NVD Advisory· Published Apr 16, 2026· Updated May 26, 2026
CVE-2026-5426
CVE-2026-5426
Description
Hard-coded ASP.NET/IIS machineKey value in Digital Knowledge KnowledgeDeliver deployments prior to February 24, 2026 allows adversaries to circumvent ViewState validation mechanisms and achieve remote code execution via malicious ViewState deserialization attacks
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2- Range: prior to February 24, 2026
Patches
Vulnerability mechanics
References
3News mentions
5- KnowledgeDeliver flaw exploited as a zero-day to install web shellsBleepingComputer · May 26, 2026
- Hackers Exploited KnowledgeDeliver Zero-Day for Web Shell DeploymentSecurityWeek · May 26, 2026
- KnowledgeDeliver LMS Flaw Exploited to Deploy Godzilla and Cobalt StrikeThe Hacker News · May 26, 2026
- KnowledgeDeliver LMS Zero-Day Exploited to Deploy BLUEBEAM Web ShellCyber Security News · May 25, 2026
- Exploitation of KnowledgeDeliver via ViewState Deserialization VulnerabilityMandiant Threat Intelligence · May 25, 2026