CVE-2026-5426

CVSS 9.1 (CRITICAL) · EPSS 0.1% · Published 2026-04-16

A hard-coded ASP.NET/IIS machineKey value in Digital Knowledge KnowledgeDeliver deployments prior to February 24, 2026 allows adversaries to circumvent ViewState validation and achieve remote code execution via malicious ViewState deserialization.

CVSS v3 vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

Weaknesses (CWE)

CWE-321, CWE-502
