Exploitation of CVE‑2026‑5426 in KnowledgeDeliver: Godzilla and Cobalt Strike

Colleagues, a security alert: a vulnerability in the KnowledgeDeliver LMS was exploited.
What happened: CVE‑2026‑5426 (CVSS 7.5) — hardcoded ASP.NET machineKey and ViewState deserialization enabled RCE; attackers installed a Godzilla webshell and deployed Cobalt Strike.
Tactics: they used shared keys from the default web.config, altered JS, and social‑engineered users into installing a fake 'plugin'.
Recommendations: make machineKey unique, apply patches, and strengthen monitoring and integrity controls.
Why it matters: a single leaked key can compromise all installations.
Are you reviewing your deployment templates and secret management?
#cybersecurity #vulnerabilities #ASPNet #infosec


Latest comments
No comments yet.