CVE-2026-5426 affects KnowledgeDeliver LMS (Digital Knowledge, Japan) with a CVSS 9.5 rating. All deployments prior to the February 24, 2026 vendor patch are vulnerable to unauthenticated RCE via hardcoded ASP.NET ViewState machine keys shared across all customer instances. Active exploitation has been confirmed with in-memory web shell deployment (BLUEBEAM) and Cobalt Strike BEACON delivery to end-user browsers. The vulnerability is rooted in a ASP.NET platform configuration flaw — hardcoded machine keys — but the exploitable surface is the KnowledgeDeliver application.