Summary
KnowledgeDeliver LMS installations are being targeted by a zero-day deserialization vulnerability (CVE-2026-5426) caused by hardcoded machine keys, allowing attackers to deploy web shells and Cobalt Strike backdoors.
Take Action:
If you run Digital Knowledge's KnowledgeDeliver LMS, immediately replace the default ASP.NET machine keys in your web.config with unique, cryptographically strong ones to block these attacks. If possible, restrict portal access to trusted IP ranges, and monitor Windows Application logs for Event ID 1316 (ViewState verification failures).
Read the full article on BeyondMachines
This article was originally published on BeyondMachines
