Zero Day MonitorZDM

CVE-2026-5426: KnowledgeDeliver deployments before February 24, 2026 use a static ASP.NET/IIS machineKey value — Zero Day Monitor

← Back to list

9.1

CVE-2026-5426KEVEXPLOITEDPATCHED

digital knowledge · knowledgedeliver

KnowledgeDeliver deployments before February 24, 2026 use a static ASP.NET/IIS machineKey value

Description

Hard-coded ASP.NET/IIS machineKey value in Digital Knowledge KnowledgeDeliver deployments prior to February 24, 2026 allows adversaries to circumvent ViewState validation mechanisms and achieve remote code execution via malicious ViewState deserialization attacks

Affected Products

Vendor	Product	Versions
digital knowledge	knowledgedeliver	0

References

https://github.com/mandiant/Vulnerability-Disclosures/blob/master/2026/MNDT-2026-0009.md(third-party-advisory)
https://www.digital-knowledge.co.jp/product/kd/(product)
https://cloud.google.com/blog/topics/threat-intelligence/knowledgedeliver-viewstate-deserialization-vulnerability(third-party-advisory)

Related News (4 articles)

Tier D

SecurityWeek8h ago

Hackers Exploited KnowledgeDeliver Zero-Day for Web Shell Deployment

→ No new info (linked only)

Tier D

The Hacker News14h ago

KnowledgeDeliver LMS Flaw Exploited to Deploy Godzilla and Cobalt Strike

→ No new info (linked only)

Tier C

Mandiant Blog1d ago

Exploitation of KnowledgeDeliver via ViewState Deserialization Vulnerability

→ No new info (linked only)

Tier C

VulDB40d ago

CVE-2026-5426 | Digital Knowledge KnowledgeDeliver prior 20260224 ViewState machineKey hard-coded key (MNDT-2026-0009)

CVSS 3.19.1 CRITICAL

VectorCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

CISA KEV✅ Yes

Actively exploited✅ Yes

Patch available

20260224

CWECWE-321, CWE-502

PublishedApr 16, 2026

Last enriched7h agov4

Tags

CVE-2026-5426RCEGodzillaCobalt Strike

Trending Score128🔥

Source articles4

Independent4