CVE-2026-5426 — KnowledgeDeliver Exploited as a Zero-Day via ViewState Deserialization

Summary CVE-2026-5426 lets an unauthenticated attacker achieve OS-level remote code execution (RCE) on any internet-facing KnowledgeDeliver instance with a single HTTP request. The root cause is not a