Tag: cve 2026 5426
3 articles

Hackers Exploit KnowledgeDeliver Flaw to Install Web Shells
Hackers have exploited a critical flaw in KnowledgeDeliver, using it as a zero-day to sneakily install a powerful .NET web shell called Godzilla on vulnerable servers. This sneaky attack was made possible by a deserialization vulnerability, CVE-2026-5426, that allowed threat actors to execute code at the operating-system level.

KnowledgeDeliver LMS Flaw Exploited to Deploy Malware
A security flaw in the KnowledgeDeliver LMS, known as CVE-2026-5426, was exploited by a threat actor to inject malicious code and infect users visiting the site. This vulnerability was caused by a predictable secret in the system's web.config file, allowing attackers to execute remote code.

Mandiant Exposes KnowledgeDeliver Vulnerability via ViewState Deserialization
A critical vulnerability, CVE-2026-5426, was discovered in KnowledgeDeliver installations, allowing unauthenticated remote code execution across multiple customer sites due to identical ASP.NET machineKey values. This widespread flaw was caused by a standardized web.config with hardcoded keys, used across deployments, leaving sites vulnerable to attack.