← Back to news

KnowledgeDeliver LMS Flaw Exploited to Deploy Godzilla and Cobalt Strike

The Hacker News26/05/2026, 05:19
Read full article →

Summary

AI-Generated

Key Points:

  • A high-severity zero-day vulnerability (CVE-2026-5426) in Digital Knowledge KnowledgeDeliver LMS was exploited to deploy the Godzilla web shell and Cobalt Strike Beacon.
  • The flaw allowed unauthenticated remote code execution through a ViewState deserialization attack, impacting all deployments prior to February 24, 2026, and enabling attackers to compromise multiple instances using hard-coded ASP.NET machine keys.
  • Organizations are advised to implement unique secrets for deployments and enhance endpoint monitoring to mitigate risks associated with such vulnerabilities.

Technical Details: CVE-2026-5426 has a CVSS score of 7.5 and allows attackers to exploit hard-coded ASP.NET machine keys for remote code execution by crafting malicious ViewState payloads sent via HTTP requests.

MITRE ATT&CK Techniques:

  • T1203 - Exploit Public-Facing Application (Initial Access)
  • T1071.001 - Application Layer Protocol: Web Protocols (Command and Control)
  • T1041 - Exfiltration Over Command and Control Channel (Exfiltration)

IOCs Mentioned: None mentioned.

Join the discussion — sign up to comment, upvote, and save articles.

Discussion

or to comment
Loading...

Loading comments...

Join 5,000+ security professionals

Get access to curated threat intel, upvote articles, join discussions, and build your karma in the SOC community.