CVE-2026-5426
KnowledgeDeliver deployments before February 24, 2026 use a static ASP.NET/IIS machineKey value
CVSS Score
9.1
EPSS Score
0.1%
EPSS Percentile
22th
Hard-coded ASP.NET/IIS machineKey value in Digital Knowledge KnowledgeDeliver deployments prior to February 24, 2026 allows adversaries to circumvent ViewState validation mechanisms and achieve remote code execution via malicious ViewState deserialization attacks
| CWE | CWE-321 CWE-502 |
| Vendor | digital knowledge |
| Product | knowledgedeliver |
| Published | Apr 16, 2026 |
| Last Updated | May 27, 2026 |
Stay Ahead of the Next One
Get instant alerts for digital knowledge knowledgedeliver
Be the first to know when new critical vulnerabilities affecting digital knowledge knowledgedeliver are published โ delivered to Slack, Telegram or Discord.
Get Free Alerts โ
Free ยท No credit card ยท 60 sec setup
Affected Versions
Digital Knowledge / KnowledgeDeliver
0 < 20260224
References
github.com: https://github.com/mandiant/Vulnerability-Disclosures/blob/master/2026/MNDT-2026-0009.md digital-knowledge.co.jp: https://www.digital-knowledge.co.jp/product/kd/ cloud.google.com: https://cloud.google.com/blog/topics/threat-intelligence/knowledgedeliver-viewstate-deserialization-vulnerability