Monitor vulnerabilities like this one.
Sign up free to get alerted when software you use is affected.
Digital Knowledge KnowledgeDeliver: Hard-coded Machine Key Exposes ViewState Validation
CVE-2026-5426
Summary
A hard-coded security setting in older versions of Digital Knowledge KnowledgeDeliver makes it easier for hackers to bypass security checks and potentially take control of your system. This affects anyone using KnowledgeDeliver before a certain date, which is February 24, 2026. To fix this, update KnowledgeDeliver to the latest version.
Original title
Hard-coded ASP.NET/IIS machineKey value in Digital Knowledge KnowledgeDeliver deployments prior to February 24, 2026 allows adversaries to circumvent ViewState validation mechanisms and achieve rem...
Original description
Hard-coded ASP.NET/IIS machineKey value in Digital Knowledge KnowledgeDeliver deployments prior to February 24, 2026 allows adversaries to circumvent ViewState validation mechanisms and achieve remote code execution via malicious ViewState deserialization attacks
Vulnerability type
CWE-321
Use of Hard-coded Cryptographic Key
CWE-502
Deserialization of Untrusted Data
Published: 16 Apr 2026 · Updated: 17 Apr 2026 · First seen: 16 Apr 2026