# CVE-2026-5426

> Hard-coded ASP.NET/IIS machineKey value in Digital Knowledge KnowledgeDeliver deployments prior to February 24, 2026 allows adversaries to circumvent ViewState validation mechanisms and achieve remote code execution via malicious ViewState deserialization attacks

- **CVSS:** 9.1 (CRITICAL)
- **EPSS:** 0.1%
- **CWE:** CWE-321, CWE-502

Canonical: https://intel.threadlinqs.com/cve/CVE-2026-5426
Full threat coverage + IOCs via the Threadlinqs MCP server (Purple tier): https://intel.threadlinqs.com/mcp