BeyondMachines 

KnowledgeDeliver Zero-Day Flaw Exploited to Deploy Web Shells

KnowledgeDeliver LMS installations are being targeted by a zero-day deserialization vulnerability (CVE-2026-5426) caused by hardcoded machine keys, allowing attackers to deploy web shells and Cobalt Strike backdoors.

**If you run Digital Knowledge's KnowledgeDeliver LMS, immediately replace the default ASP.NET machine keys in your web.config with unique, cryptographically strong ones to block these attacks. If possible, restrict portal access to trusted IP ranges, and monitor Windows Application logs for Event ID 1316 (ViewState verification failures).**
#cybersecurity #infosec #attack #activeexploit
https://beyondmachines.net/event_details/knowledgedeliver-zero-day-flaw-exploited-to-deploy-web-shells-5-x-f-c-n/gD2P6Ple2L

KnowledgeDeliver Zero-Day Flaw Exploited to Deploy Web Shells

KnowledgeDeliver LMS installations are being targeted by a zero-day deserialization vulnerability (CVE-2026-5426) caused by hardcoded machine keys, allowing attackers to deploy web shells and Cobalt Strike backdoors.

BeyondMachines
May 27 at 8:01pmWeb