CVE-2026-5426

CVE-2026-5426: KnowledgeDeliver deployments before February 24, 2026 use a static ASP.NET/IIS machineKey value

Vendor Digital Knowledge
Product KnowledgeDeliver
Weakness CWE-321
Published April 16, 2026
Last update May 27, 2026

CVSS base score

What the vulnerability does

01Description

Hard-coded ASP.NET/IIS machineKey value in Digital Knowledge KnowledgeDeliver deployments prior to February 24, 2026 allows adversaries to circumvent ViewState validation mechanisms and achieve remote code execution via malicious ViewState deserialization attacks

Key dates

02Disclosure timeline

April 16, 2026 CVE published
May 27, 2026 Record updated

Related vulnerabilities

04Related CVE