NVD Vulnerability Detail

Search Exploit, PoC

NVD脆弱性検索トップ

->

NVD Vulnerability Detail

CVE-2026-5426

Summary	Hard-coded ASP.NET/IIS machineKey value in Digital Knowledge KnowledgeDeliver deployments prior to February 24, 2026 allows adversaries to circumvent ViewState validation mechanisms and achieve remote code execution via malicious ViewState deserialization attacks
Publication Date	April 17, 2026, 1:16 a.m.
Registration Date	April 17, 2026, 4:13 a.m.
Last Update	April 17, 2026, 1:16 a.m.

Related information, measures and tools

No	URL	refsource	タグ
1	https://github.com/mandiant/Vulnerability-Disclosures/blob/master/2026/MNDT-2026-0009.md	mandiant-cve@google.com
2	https://www.digital-knowledge.co.jp/product/kd/	mandiant-cve@google.com

Common Vulnerabilities List

No	CWE	Name	URL
1	CWE-502	信頼性のないデータのデシリアライゼーション	https://cwe.mitre.org/data/definitions/502.html
2	CWE-321	ハードコードされた暗号鍵の使用	https://cwe.mitre.org/data/definitions/321.html