CVE-2026-5426

CRITICAL

Hard-coded ASP.NET/IIS machineKey value in Digital Knowledge KnowledgeDeliver deployments prior to February 24, 2026 allows adversaries to circumvent ViewState validation mechanisms and achieve remote code execution via malicious ViewState deserialization attacks

CVSS v3.1 Score

9.1

CRITICAL

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

Attack Vector

NETWORK

Complexity

LOW

Privileges

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

HIGH

Availability

NONE

Published: 4/16/2026Modified: 5/26/2026

Related Intelligence (2)

CRITICALZero Day

KnowledgeDeliver LMS Flaw Exploited to Deploy Godzilla and Cobalt Strike

A now-patched high-severity security flaw affecting Digital Knowledge KnowledgeDeliver, a Learning Management System (LMS) popular in Japan, was exploited as a zero-day to deliver the Godzilla web shell and ultimately facilitate the deployment of Cobalt Strike Beacon. The vulnerability, tracked as CVE-2026-5426 (CVSS score: 7.5), stems from the use of hard-coded ASP.NET machine keys, leading to

CVE-2026-5426

May 26, 2026The Hacker News

CRITICALZero Day

Exploitation of KnowledgeDeliver via ViewState Deserialization Vulnerability

<div class="block-paragraph_advanced"><p>Written by: Takahiro Sugiyama, Peter Revelant, Mathew Potaczek</p> <hr/></div> <div class="block-paragraph_advanced"><h3><span style="vertical-align: baseline;">Introduction</span></h3> <p><span style="vertical-align: baseline;">In late 2025, Mandiant responded to a security incident involving a compromised web server running </span><a href="https://www.dig

CVE-2026-5426

May 25, 2026Mandiant

References (3)

https://cloud.google.com/blog/topics/threat-intelligence/knowledgedeliver-viewstate-deserialization-vulnerability https://github.com/mandiant/Vulnerability-Disclosures/blob/master/2026/MNDT-2026-0009.md https://www.digital-knowledge.co.jp/product/kd/