A critical vulnerability, CVE-2026-5426, has been detected in the Knowledge Deliver Learning Management System, and attackers have exploited it to inject malware into the system. The flaw arises from hardcoded machineKey values used for data encryption, which allow attackers to compromise multiple customer environments easily. Once inside, attackers deployed a stealthy web shell, manipulated file permissions, and tricked users into downloading malicious plugins, which infected workstations.
To mitigate the issue, organizations are advised to monitor application logs for security breaches, rotate machine keys, and restrict access to known IP addresses.
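
As a starting point for the key rotation advised above, the following added example (not code from the vendor or from the original report) audits configuration files for statically set machine keys and flags any key reused across environments. It assumes the keys live in an ASP.NET-style `web.config` `<machineKey>` element; the file paths and key values are constructed placeholders.

```python
import hashlib
import xml.etree.ElementTree as ET
from collections import defaultdict

# Constructed sample input: paths and key values are placeholders,
# not taken from any real deployment or from the advisory.
STATIC_CFG = """<configuration><system.web>
  <machineKey validationKey="PLACEHOLDER-VALIDATION-KEY" decryptionKey="PLACEHOLDER-DECRYPTION-KEY"
              validation="HMACSHA256" decryption="AES" />
</system.web></configuration>"""
AUTO_CFG = """<configuration><system.web>
  <machineKey validationKey="AutoGenerate,IsolateApps" decryptionKey="AutoGenerate,IsolateApps" />
</system.web></configuration>"""
SAMPLE_CONFIGS = {
    "customer-a/web.config": STATIC_CFG,
    "customer-b/web.config": STATIC_CFG,   # same hardcoded key as customer-a
    "customer-c/web.config": AUTO_CFG,     # per-machine generated key
    "customer-d/web.config": "<configuration><system.web /></configuration>",
}

def static_keys(xml_text):
    """Return {attribute: fingerprint} for each explicitly set key in <machineKey>."""
    found = {}
    for mk in ET.fromstring(xml_text).iter("machineKey"):
        for attr in ("validationKey", "decryptionKey"):
            value = mk.get(attr, "").strip()
            # "AutoGenerate..." means the runtime generates the key; it is not hardcoded.
            if value and not value.upper().startswith("AUTOGENERATE"):
                # Report a truncated hash so the audit output never contains key material.
                digest = hashlib.sha256(value.upper().encode()).hexdigest()
                found[attr] = digest[:16]
    return found

def audit(configs):
    """Map each (attribute, fingerprint) to the sorted list of files that use it."""
    seen = defaultdict(set)
    for path, text in configs.items():
        for attr, fingerprint in static_keys(text).items():
            seen[(attr, fingerprint)].add(path)
    return {key: sorted(paths) for key, paths in seen.items()}

def reused(configs):
    """Keep only the keys that appear in more than one config file."""
    return {key: paths for key, paths in audit(configs).items() if len(paths) > 1}

if __name__ == "__main__":
    for (attr, fingerprint), paths in audit(SAMPLE_CONFIGS).items():
        flag = "REUSED" if len(paths) > 1 else "static"
        print(f"{flag:6} {attr} sha256:{fingerprint} -> {', '.join(paths)}")
```

Any key reported as `REUSED` or `static` is a candidate for rotation to a unique, per-environment value.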