ASP.NET

May 26, 2026

KnowledgeDeliver Zero-Day Exploited to Drop Web Shells

A hardcoded ASP.NET machine key in KnowledgeDeliver LMS let attackers exploit CVE-2026-5426 without auth to deploy Godzilla web shells. Here's what you need to know.