KnowledgeDeliver CVE-2026-5426: Mandiant traces RCE to shared ASP.NET keys
Mandiant traces a zero-day in Japan's KnowledgeDeliver LMS to ASP.NET machineKey values reused across customers — enabling unauthenticated ViewState RCE and BLUEBEAM web-shell drops.