Cve-2026-5426

vulnerability 2026-05-28
KnowledgeDeliver CVE-2026-5426: Shared ASP.NET Machine Key Burns Every Japanese LMS Tenant at Once
A hardcoded ASP.NET machineKey shipped in Digital Knowledge's KnowledgeDeliver LMS web.config gives any attacker who reads one tenant's config unauthenticated RCE on every other internet-facing instance. Mandiant tied active exploitation to BLUEBEAM web shells and Cobalt Strike beacons consistent with Chinese-speaking APTs.
knowledgedeliver cve-2026-5426 viewstate-deserialization asp-net machinekey zero-day bluebeam godzilla cobalt-strike apt41 lms

KnowledgeDeliver CVE-2026-5426: Shared ASP.NET Machine Key Burns Every Japanese LMS Tenant at Once