CRITICAL
Digital Knowledge
CVE published 2026-04-16
CVE-2026-5426
A critical vulnerability in Digital Knowledge KnowledgeDeliver deployments prior to February 24, 2026, involves hard-coded ASP.NET/IIS machineKey values that enable adversaries to bypass ViewState validation and achieve remote code execution through malicious ViewState deserialization attacks. The vulnerability carries a CVSS 3.1 score of 9.1 (Critical) with vector CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H [truncated]