Skip to main content

Tag: cve 2026 5426

3 articles

Server room with rows of equipment and a blurred laptop screen in the foreground.

Hackers Exploit KnowledgeDeliver Flaw to Install Web Shells

Hackers have exploited a critical flaw in KnowledgeDeliver, using it as a zero-day to sneakily install a powerful .NET web shell called Godzilla on vulnerable servers. This sneaky attack was made possible by a deserialization vulnerability, CVE-2026-5426, that allowed threat actors to execute code at the operating-system level.

Analyst 207
Laptop on student desk shows login screen in bright campus library setting.

KnowledgeDeliver LMS Flaw Exploited to Deploy Malware

A security flaw in the KnowledgeDeliver LMS, known as CVE-2026-5426, was exploited by a threat actor to inject malicious code and infect users visiting the site. This vulnerability was caused by a predictable secret in the system's web.config file, allowing attackers to execute remote code.

Analyst 207
A computer workstation with a laptop and large monitor sits in a university computer lab or corporate training room.

Mandiant Exposes KnowledgeDeliver Vulnerability via ViewState Deserialization

A critical vulnerability, CVE-2026-5426, was discovered in KnowledgeDeliver installations, allowing unauthenticated remote code execution across multiple customer sites due to identical ASP.NET machineKey values. This widespread flaw was caused by a standardized web.config with hardcoded keys, used across deployments, leaving sites vulnerable to attack.

Analyst 207