CVE-2026-5426
Hard-coded machineKey in KnowledgeDeliver Enables Remote Code Execution
Publication date: 2026-04-16
Last updated on: 2026-04-18
Assigner: Mandiant Inc.
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| digital_knowledge | knowledgedeliver | to 2026-02-24 (exc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-502 | The product deserializes untrusted data without sufficiently ensuring that the resulting data will be valid. |
| CWE-321 | The product uses a hard-coded, unchangeable cryptographic key. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability involves a hard-coded ASP.NET/IIS machineKey value in Digital Knowledge KnowledgeDeliver deployments prior to February 24, 2026. Because the machineKey is hard-coded, attackers can bypass the ViewState validation mechanisms.
By circumventing ViewState validation, adversaries can perform malicious ViewState deserialization attacks, which can lead to remote code execution on the affected system.
How can this vulnerability impact me? :
This vulnerability can allow attackers to execute arbitrary code remotely on affected systems by exploiting the hard-coded machineKey to bypass ViewState validation.
Remote code execution can lead to full compromise of the affected server, potentially allowing attackers to steal data, disrupt services, or use the system as a foothold for further attacks.