What is GHSA-g88c-8gfj-6c98?

GHSA-g88c-8gfj-6c98 is a security advisory published by GitHub Security Advisories with High severity. Hard-coded ASP.NET/IIS machineKey value in Digital Knowledge KnowledgeDeliver deployments prior...

Which CVE IDs does GHSA-g88c-8gfj-6c98 cover?

GHSA-g88c-8gfj-6c98 covers the following CVE IDs: CVE-2026-5426. Each CVE has its own detail page on EchelonGraph Pulse with the synthesized EG score.

What is the CVSS v3 score of GHSA-g88c-8gfj-6c98?

GHSA-g88c-8gfj-6c98 has a CVSS v3 base score of 7.5, published by GitHub Security Advisories.

GHSA-g88c-8gfj-6c98HighCVSS 7.5

Hard-coded ASP.NET/IIS machineKey value in Digital Knowledge KnowledgeDeliver deployments prior...

Vendor

GitHub Security Advisories

Published

April 16, 2026

Last Modified

May 26, 2026

🔗 CVE IDs covered (1)

CVE-2026-5426 →

📋 Description

Hard-coded ASP.NET/IIS machineKey value in Digital Knowledge KnowledgeDeliver deployments prior to February 24, 2026 allows adversaries to circumvent ViewState validation mechanisms and achieve remote code execution via malicious ViewState deserialization attacks

🔗 References (5)

https://nvd.nist.gov/vuln/detail/CVE-2026-5426
https://github.com/mandiant/Vulnerability-Disclosures/blob/master/2026/MNDT-2026-0009.md
https://www.digital-knowledge.co.jp/product/kd
https://cloud.google.com/blog/topics/threat-intelligence/knowledgedeliver-viewstate-deserialization-vulnerability
https://github.com/advisories/GHSA-g88c-8gfj-6c98