CVE-2026-5426

CRITICAL EXPLOITED

KnowledgeDeliver deployments before February 24, 2026 use a static ASP.NET/IIS machineKey value

Title source: cna

Exploitation Summary

CVE-2026-5426 has been observed exploited in the wild (reported by VulnCheck KEV). EIP tracks 1 public exploit from researchers including HORKimhab.

AI-analyzed exploit summary: The repository contains no actual exploit code or technical details for CVE-2026-5426. It only includes a template README with generic usage instructions, a placeholder .gitignore, a license file, and a CVE ID template.

Description

A hard-coded ASP.NET/IIS machineKey value in Digital Knowledge KnowledgeDeliver deployments prior to February 24, 2026 allows adversaries to circumvent ViewState validation mechanisms and achieve remote code execution via malicious ViewState deserialization attacks.

Exploits (1)

github STUB
by HORKimhab · poc
https://github.com/HORKimhab/CVE-2026-5426


Classification Stub 95%
Attack Type Other
Complexity Trivial
Reliability Theoretical
Target: unspecified
No auth needed
devstral-2 · analyzed May 26, 2026

Scores

CVSS v3 9.1
EPSS 0.0007
EPSS Percentile 21.9%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

CISA SSVC

Vulnrichment
Exploitation none
Automatable yes
Technical Impact total

Details

VulnCheck KEV 2026-05-25
CWE CWE-321, CWE-502
Status published
Products (1)
Digital Knowledge/KnowledgeDeliver < 20260224
Published Apr 16, 2026
Tracked Since Apr 16, 2026