CVE-2026-5426

Published: Apr 16, 2026 Last Modified: Apr 16, 2026

ExploitDB:

Other exploit source:

Google Dorks:

Description

AI Translation Available

Hard-coded ASP.NET/IIS machineKey value in Digital Knowledge KnowledgeDeliver deployments prior to February 24, 2026 allows adversaries to circumvent ViewState validation mechanisms and achieve remote code execution via malicious ViewState deserialization attacks

321

Use of Hard-coded Cryptographic Key

Draft

Abstraction: Variant Structure: Simple

Common Consequences

Security Scopes Affected:

Access Control

Potential Impacts:

Bypass Protection Mechanism Gain Privileges Or Assume Identity Read Application Data

Applicable Platforms

Technologies: ICS/OT

Likelihood of Exploit: High

View CWE Details

502

Deserialization of Untrusted Data

Draft

Abstraction: Base Structure: Simple

Common Consequences

Security Scopes Affected:

Integrity Availability Other

Potential Impacts:

Modify Application Data Unexpected State Dos: Resource Consumption (Cpu) Varies By Context

Applicable Platforms

Languages: Java, JavaScript, PHP, Python, Ruby

Technologies: AI/ML, ICS/OT, Not Technology-Specific

Likelihood of Exploit: Medium

View CWE Details

https://github.com/mandiant/Vulnerability-Disclosures/blob/…

https://github.com/mandiant/Vulnerability-Disclosures/blob/master/2026/MNDT-202…

https://www.digital-knowledge.co.jp/product/kd/

CVE-2026-5426

Description

Use of Hard-coded Cryptographic Key

Common Consequences

Applicable Platforms

Deserialization of Untrusted Data

Common Consequences

Applicable Platforms

Iscriviti alla newsletter