EUVD-2026-23271

| CVE-2026-5426 HIGH
2026-04-16 Mandiant GHSA-g88c-8gfj-6c98
Deserialization RCE Knowledgedeliver
7.5
CVSS 3.1
Share

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
None
Availability
None

Lifecycle Timeline

3
Analysis Generated
Apr 18, 2026 - 04:22 vuln.today
CVSS Changed
Apr 18, 2026 - 04:22 NVD
7.5 (HIGH)
patch_available
Apr 16, 2026 - 17:02 EUVD

DescriptionNVD

Hard-coded ASP.NET/IIS machineKey value in Digital Knowledge KnowledgeDeliver deployments prior to February 24, 2026 allows adversaries to circumvent ViewState validation mechanisms and achieve remote code execution via malicious ViewState deserialization attacks

AnalysisAI

Remote code execution in Digital Knowledge KnowledgeDeliver (all versions prior to February 24, 2026) via malicious ViewState deserialization. A hard-coded ASP.NET machineKey allows unauthenticated remote attackers to bypass ViewState validation and execute arbitrary code on the server. …

Sign in for full analysis, threat intelligence, and remediation guidance.

RemediationAI

Within 24 hours: Inventory all Digital Knowledge KnowledgeDeliver deployments and confirm current versions. Within 7 days: Apply vendor patch to upgrade all instances to February 24, 2026 release or later. …

Sign in for detailed remediation steps.

Full analysis requires sign-in

Get intelligence summaries, risk assessment, exploit details, threat intel, and remediation guidance.

Sign in - Free

Share

EUVD-2026-23271 vulnerability details – vuln.today
Back

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy