CVE-2026-5426

UNKNOWN 0.0

KnowledgeDeliver deployments before February 24, 2026 use a static ASP.NET/IIS machineKey value

CVSS Score

0.0

EPSS Score

0.0%

EPSS Percentile

0th

Hard-coded ASP.NET/IIS machineKey value in Digital Knowledge KnowledgeDeliver deployments prior to February 24, 2026 allows adversaries to circumvent ViewState validation mechanisms and achieve remote code execution via malicious ViewState deserialization attacks

CWE	CWE-321 CWE-502
Vendor	digital knowledge
Product	knowledgedeliver
Published	Apr 16, 2026
Last Updated	Apr 16, 2026

Stay Ahead of the Next One

Get instant alerts for digital knowledge knowledgedeliver

Be the first to know when new unknown vulnerabilities affecting digital knowledge knowledgedeliver are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

Affected Versions

Digital Knowledge / KnowledgeDeliver

0 < 20260224

References

NVD ↗ CVE.org ↗ EPSS Data ↗

github.com: https://github.com/mandiant/Vulnerability-Disclosures/blob/master/2026/MNDT-2026-0009.md digital-knowledge.co.jp: https://www.digital-knowledge.co.jp/product/kd/