
KnowledgeDeliver EUVD-2026-23271 | CVE-2026-5426 CRITICAL
Use of Hard-coded Cryptographic Key (CWE-321)
Published 2026-04-16 · Mandiant · GHSA-g88c-8gfj-6c98
CVSS 3.1 (NVD): 9.1

Severity by source

NVD (primary): 9.1 CRITICAL
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

Primary rating from NVD · only source for this CVE.

CVSS Vector (NVD)

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged
Confidentiality: High
Integrity: High
Availability: None

Lifecycle Timeline (10 events)

Re-analysis Queued
May 26, 2026 - 18:22 · vuln.today

Severity Changed: HIGH → CRITICAL
May 26, 2026 - 18:22 · NVD

CVSS changed: 7.5 (HIGH) → 9.1 (CRITICAL)
May 26, 2026 - 18:22 · NVD

Analysis Generated
Apr 18, 2026 - 04:22 · vuln.today

CVSS changed: 7.5 (HIGH)
Apr 18, 2026 - 04:22 · NVD

Patch released: patch available
Apr 18, 2026 - 04:16 · NVD

Patch available
Apr 16, 2026 - 17:02 · EUVD

EUVD ID Assigned: EUVD-2026-23271
Apr 16, 2026 - 16:00 · EUVD

Analysis Generated
Apr 16, 2026 - 16:00 · vuln.today

CVE Published: 7.5 (HIGH)
Apr 16, 2026 - 15:18 · NVD

Description (CVE.org)

Hard-coded ASP.NET/IIS machineKey value in Digital Knowledge KnowledgeDeliver deployments prior to February 24, 2026 allows adversaries to circumvent ViewState validation mechanisms and achieve remote code execution via malicious ViewState deserialization attacks

Analysis (AI)

Remote code execution in Digital Knowledge KnowledgeDeliver (deployments predating the February 24, 2026 release) via malicious ViewState deserialization. Because the ASP.NET machineKey is hard-coded and therefore identical across installations, an unauthenticated remote attacker who knows it can forge ViewState that passes MAC validation and have the server deserialize attacker-controlled objects, executing arbitrary code in the application's context. …


Attack Chain (AI-derived)

Hypothetical attack flow derived from CVE metadata

Access: obtain the hard-coded machineKey from the disclosure
Delivery: craft malicious ViewState carrying an RCE gadget
Exploit: send a forged POST to an ASP.NET endpoint
Execution: the server deserializes the payload
Persist: code runs as the IIS application pool identity
Impact: establish persistence or pivot

Vulnerability Assessment (AI)

Exploitation: Exploitation requires the attacker to possess the exact hard-coded machineKey (both validationKey and decryptionKey) used in KnowledgeDeliver deployments prior to February 24, 2026. Since that value is the same in every affected installation, recovering it once, from the disclosure or from any single copy of the product, is sufficient against all of them; this is why the vector carries PR:N and AC:L rather than treating the key as a per-target secret. …
Risk Assessment: The CVSS 3.1 vector (AV:N/AC:L/PR:N/UI:N) confirms unauthenticated remote exploitation with low complexity. This analysis was generated against NVD's initial 7.5 (HIGH) score, whose impact metrics (C:H/I:N/A:N) credited only Confidentiality, an understatement for a remote code execution primitive. NVD rescored the entry to 9.1 (CRITICAL) with C:H/I:H/A:N on May 26, 2026; Availability remains scored None even though code running as the application pool identity can also stop or degrade the service. …
Exploit Scenario: An unauthenticated attacker identifies a Digital Knowledge KnowledgeDeliver instance and recovers the hard-coded machineKey from Mandiant's public disclosure or from prior reverse engineering of the product. Using the ViewState plugin of ysoserial.net, the attacker generates a ViewState blob wrapping a .NET deserialization gadget (e.g., TextFormattingRunProperties) and has it signed (and encrypted, where the configuration requires it) with the leaked keys so that ObjectStateFormatter accepts it as genuine. The MAC also binds the ViewState to the target page, so the attacker supplies that page's path or its __VIEWSTATEGENERATOR value, both readable from the unauthenticated page's HTML, and then submits the payload in the __VIEWSTATE field of a POST to that page. …
Remediation: Upgrade to the Digital Knowledge KnowledgeDeliver release of February 24, 2026 or later, which replaces the hard-coded machineKey with a deployment-unique value. Because every pre-fix deployment shares the same key, the fix is only effective once the key on each host has actually changed; verify the value after upgrading rather than trusting the version number alone, and rotate any copy of the old key that was carried into a custom web.config. Rotation invalidates in-flight ViewState and forms-authentication tickets, which is expected. …
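As an added example (not vuln.today's, Mandiant's or Digital Knowledge's code), the following Python audits a fleet of ASP.NET web.config files for the condition this CVE describes, an explicit machineKey whose value is identical across deployments, and emits the remediation described above: a deployment-unique key pair. Grouping hosts by a fingerprint of the key rather than by the key itself keeps the secret out of tickets and reports. The host names, config fragments and key values are constructed for the demonstration; the real KnowledgeDeliver key is not on this page and does not appear here.

```python
"""Audit ASP.NET web.config files for a shared (hard-coded) machineKey and rotate it.

Added example for CVE-2026-5426; it is not code from the product or the advisory.
All hosts, configs and key values below are constructed; none is the real key.
"""
import hashlib
import secrets
import xml.etree.ElementTree as ET

# Constructed sample inventory: two hosts carry the same vendor-shipped key, one has a
# per-host key, one relies on AutoGenerate. Patterns are sized like real keys
# (validationKey 128 hex chars, decryptionKey 64 hex chars) but are placeholders.
VENDOR_KEY = "DEADBEEF" * 16      # constructed shared validationKey
VENDOR_DEC = "CAFEBABE" * 8       # constructed shared decryptionKey
PER_HOST_KEY = "0BADF00D" * 16    # constructed per-host validationKey
PER_HOST_DEC = "FEEDFACE" * 8     # constructed per-host decryptionKey


def _config(vk, dk):
    """Minimal web.config carrying an explicit <machineKey> (constructed)."""
    return (
        "<configuration><system.web>"
        f'<machineKey validationKey="{vk}" decryptionKey="{dk}" '
        'validation="HMACSHA256" decryption="AES" />'
        "</system.web></configuration>"
    )


SAMPLE_CONFIGS = {
    "kd-web-01": _config(VENDOR_KEY, VENDOR_DEC),
    "kd-web-02": _config(VENDOR_KEY, VENDOR_DEC),        # same key as kd-web-01
    "kd-web-03": _config(PER_HOST_KEY, PER_HOST_DEC),    # unique to this host
    "kd-web-04": _config("AutoGenerate,IsolateApps", "AutoGenerate,IsolateApps"),
}


def machine_key(config_xml):
    """Return the <machineKey> attributes, or None when the element is absent
    (ASP.NET then defaults to AutoGenerate,IsolateApps, a per-machine key)."""
    root = ET.fromstring(config_xml)
    el = next(root.iter("machineKey"), None)
    return dict(el.attrib) if el is not None else None


def is_hardcoded(attrs):
    """Explicit hex material in the config is hard-coded; AutoGenerate is not.
    A key pair where only one half is explicit still counts as hard-coded."""
    if attrs is None:
        return False
    vk = attrs.get("validationKey", "AutoGenerate,IsolateApps")
    dk = attrs.get("decryptionKey", "AutoGenerate,IsolateApps")
    return not (vk.startswith("AutoGenerate") and dk.startswith("AutoGenerate"))


def fingerprint(attrs):
    """Short SHA-256 fingerprint of the key pair, so findings never carry the secret."""
    material = attrs.get("validationKey", "") + "|" + attrs.get("decryptionKey", "")
    return hashlib.sha256(material.encode()).hexdigest()[:16]


def audit(configs):
    """Group hosts by key fingerprint. One fingerprint on several hosts is a shared key:
    whoever holds one copy can forge ViewState for every host in that group.
    Returns ({fingerprint: [hosts]} for hard-coded keys only, [finding strings])."""
    groups, findings = {}, []
    for host, xml in configs.items():
        attrs = machine_key(xml)
        if is_hardcoded(attrs):
            groups.setdefault(fingerprint(attrs), []).append(host)
    for fp, hosts in groups.items():
        if len(hosts) > 1:
            findings.append(f"key {fp} shared by {len(hosts)} hosts: {', '.join(sorted(hosts))}")
        else:
            findings.append(f"key {fp} explicit on {hosts[0]} only (rotate if vendor-supplied)")
    return groups, findings


def generate_machine_key():
    """Fresh deployment-unique keys: 64 random bytes for HMACSHA256, 32 for AES-256."""
    return {
        "validationKey": secrets.token_hex(64).upper(),
        "decryptionKey": secrets.token_hex(32).upper(),
        "validation": "HMACSHA256",
        "decryption": "AES",
    }


def rotate(config_xml, new_key=None):
    """Return config_xml with <machineKey> replaced (or inserted) with a unique key.
    On a web farm every node must receive the SAME new value or ViewState round-trips
    between nodes fail; in-flight ViewState and forms-auth tickets are invalidated."""
    root = ET.fromstring(config_xml)
    el = next(root.iter("machineKey"), None)
    if el is None:
        sw = next(root.iter("system.web"), None) or ET.SubElement(root, "system.web")
        el = ET.SubElement(sw, "machineKey")
    el.attrib.clear()
    el.attrib.update(new_key or generate_machine_key())
    return ET.tostring(root, encoding="unicode")


if __name__ == "__main__":
    _, report = audit(SAMPLE_CONFIGS)
    print("\n".join(report))
    print(rotate(SAMPLE_CONFIGS["kd-web-01"]))
```

Run it against copies of web.config collected from every KnowledgeDeliver host (a machineKey can also be set in the machine-level web.config, so collect that too). After applying the vendor update, re-run the audit: the fix is only complete when no fingerprint is shared across hosts and none matches the pre-update value.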

Recommended Action (AI)

Within 24 hours: Inventory all Digital Knowledge KnowledgeDeliver deployments and confirm current versions. …




EUVD-2026-23271 vulnerability details – vuln.today
