CVE-2026-5426

None

No severity ratings or metrics are available. When they are, we'll update the corresponding info on the page.

Hard-coded ASP.NET/IIS machineKey value in Digital Knowledge KnowledgeDeliver deployments prior to February 24, 2026 allows adversaries to circumvent ViewState validation mechanisms and achieve remote code execution via malicious ViewState deserialization attacks

Deserialization of Untrusted Data

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-321CWE-502

Related Identifiers

CVE-2026-5426

Affected Products

Knowledgedeliver

CVE-2026-5426

Weakness Enumeration

Related Identifiers

Affected Products

References · 3