Horizon Alert
Summary of the vulnerability and why it matters
This issue in Digital Knowledge KnowledgeDeliver software allows attackers to take control of systems without needing any prior access. It stems from sensitive security information being hard-coded, which bypasses critical security checks.
- Attackers can execute custom code.
- Systems can be remotely compromised.
- This affects internet-facing applications.
Attack Path
How an attacker could exploit the issue
An attacker can exploit this by crafting a malicious ViewState payload that bypasses validation due to the hard-coded machine key. This payload can then be deserialized by the vulnerable ASP.NET/IIS application, leading to arbitrary code execution on the server. This attack path requires no authentication and targets publicly accessible web applications.
- Publicly accessible web interface.
- No authentication required.
- Bypasses ViewState validation.
Live Threat
Current exploitation, exposure, and threat context
This vulnerability presents a significant risk due to its potential for remote code execution without authentication. Attackers are likely to target this given the ease of exploitation and impact.
- Public exploit code exists.
- Attackers can gain remote code execution.
- Exploitation requires no user interaction.
Priority actions
Operational Fix
Recommended remediation, mitigation, and detection steps
Teams should prioritize identifying and isolating Digital Knowledge KnowledgeDeliver deployments that are vulnerable to remote code execution due to a hard-coded machineKey. This critical vulnerability allows for complete system compromise through malicious ViewState deserialization, necessitating immediate action to prevent exploitation.
- Block network access to vulnerable services.
- Update Digital Knowledge KnowledgeDeliver to February 24, 2026 release.
- Monitor for suspicious network activity.
