Remote Code Execution Vulnerability in Digital Knowledge's KnowledgeDeliver Software
CVE-2026-5426

Currently unrated

Key Information:

Vendor: Digital Knowledge
Status: Knowledgedeliver
Vendor: CVE Published:; 16 April 2026

🔔 Create Digital Knowledge Vulnerability Alert

What is CVE-2026-5426?

A hard-coded machineKey value in Digital Knowledge's KnowledgeDeliver software, prior to February 24, 2026, enables attackers to bypass ViewState validation. This vulnerability can be exploited through malicious ViewState deserialization attacks, allowing unauthorized remote code execution. Proper handling and configuration of machineKey values are critical to mitigate this risk.

Affected Version(s)

KnowledgeDeliver 0 < 20260224

References

https://github.com/mandiant/Vulnerability-Disclosures/blo...

third-party-advisory

https://www.digital-knowledge.co.jp/product/kd/

product

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Apr 16, 2026
Vulnerability Reserved
Apr 2, 2026

CVE-2026-5426 Data

JSON