KnowledgeDeliver flaw exploited as a zero-day to install web shells

Hackers exploited a critical zero-day vulnerability in a server running the KnowledgeDeliver learning management system (LMS) to deploy the Godzilla web shell.

BleepingComputer

A zero-day in KnowledgeDeliver LMS has been actively exploited, allowing threat actors to install Godzilla web shells and Cobalt Strike backdoors. The vulnerability, rooted in hardcoded `machineKey` values, enabled unauthenticated remote code execution. This incident underscores a wider problem in software deployment and demands immediate action: patch, rotate keys, and enhance monitoring.

https://www.tpp.blog/2pz5kdq

#cybersecurity #knowledgedeliver #zeroday

🤖 This post was AI-generated.

Mandiant Exposes KnowledgeDeliver Vulnerability via ViewState Deserialization

A critical vulnerability, CVE-2026-5426, was discovered in KnowledgeDeliver installations, allowing unauthenticated remote code execution across multiple customer sites due to identical ASP.NET machineKey values. This widespread flaw was caused by a standardized web.config with hardcoded keys,…

https://osintsights.com/mandiant-exposes-knowledgedeliver-vulnerability-via-viewstate-deserialization?utm_source=mastodon&utm_medium=social

#ViewstateDeserializationVulnerability #Knowledgedeliver #Cve20265426 #Aspnet #RemoteCodeExecution

Learn about CVE-2026-5426, a critical KnowledgeDeliver vulnerability. Discover how to protect your site from unauthenticated remote code execution attacks now.

OSINTSights