{"vulnerability": "CVE-2026-5426", "sightings": [{"uuid": "30052e01-f494-4293-958e-ac9ad3722594", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-5426", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3mjmymffdvg2t", "content": "", "creation_timestamp": "2026-04-16T18:04:10.027758Z"}, {"uuid": "e5637507-72e7-47af-a93c-3ecbae40d9f9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2026-5426", "type": "seen", "source": "https://infosec.exchange/users/offseq/statuses/116417104416675988", "content": "", "creation_timestamp": "2026-04-17T00:00:41.190629Z"}, {"uuid": "450096da-30e3-4df7-ba4c-e336423215a5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2026-5426", "type": "seen", "source": "https://bsky.app/profile/offseq.bsky.social/post/3mjnmlvw67525", "content": "", "creation_timestamp": "2026-04-17T00:00:42.440333Z"}, {"uuid": "a6e44065-350b-4342-bfda-925d3257a475", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-5426", "type": "published-proof-of-concept", "source": "Telegram/veDSMFN7ecyhltWdKUwpcYAyE-ogEw-qfchv6YBZH7Zn1oc", "content": "", "creation_timestamp": "2026-04-18T05:18:34.000000Z"}, {"uuid": "3c9e3be4-7669-4e4a-adb1-5eebce0fddd6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-5426", "type": "seen", "source": "https://swecyb.com/ap/users/116080658609901341/statuses/116633539838473469", "content": "(google.com) Exploitation of KnowledgeDeliver via ASP.NET ViewState Deserialization Vulnerability Leading to RCE\nCritical zero-day RCE vulnerability (CVE-2026-5426) in KnowledgeDeliver LMS exploited via ASP.NET ViewState deserialization using hardcoded machine keys. Threat actors deployed BLUEBEAM web shell and Cobalt Strike BEACON post-exploitation.\nIn brief - Mandiant uncovered a zero-day RCE flaw in Japan\u2019s KnowledgeDeliver LMS, exploited via identical hardcoded ASP.NET machine keys. Attackers used ViewState deserialization to deploy in-memory web shells and Cobalt Strike, emphasizing risks of shared cryptographic secrets.\nTechnically - CVE-2026-5426 enables unauthenticated RCE via malicious ViewState payloads due to identical `machineKey` values in `web.config`. Post-exploitation involved BLUEBEAM (in-memory IIS web shell), `icacls` privilege escalation, JavaScript file tampering, and Cobalt Strike BEACON. Detection: monitor Event ID 1316 (ViewState failures), suspicious `w3wp.exe` child processes, and anomalous User-Agents. Remediation: rotate machine keys to unique, strong values and restrict LMS access.\nSource: https://cloud.google.com/blog/topics/threat-intelligence/knowledgedeliver-viewstate-deserialization-vulnerability/\n#Cybersecurity #ThreatIntel", "creation_timestamp": "2026-05-25T07:37:14.765437Z"}, {"uuid": "fc99a307-37b0-4f20-b01e-c0011341ba07", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-5426", "type": "seen", "source": "https://bsky.app/profile/boredchilada.bsky.social/post/3mmoijxbker2n", "content": "@mandiant.com\nActive exploitation of CVE-2026-5426 in KnowledgeDeliver LMS deploys BLUEBEAM web shells &amp; Cobalt Strike.\n-\nIOCs: CVE-2026-5426, 7c1f99dca8e5a7897892f9d224a6495023a2cfd2671697d229d355978c415ed2\n-\n#CVE20265426 #Malware #ThreatIntel", "creation_timestamp": "2026-05-25T12:36:16.296851Z"}, {"uuid": "90b25872-a1b2-4e43-a791-025ebcfae9d5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-5426", "type": "seen", "source": "https://bsky.app/profile/deafnews-auto.bsky.social/post/3mmqdhd34xa2q", "content": "CVE-2026-5426: KnowledgeDeliver LMS Targeted by Zero-Day ViewState Exploit", "creation_timestamp": "2026-05-26T06:10:38.589582Z"}, {"uuid": "6344a9c8-2efa-439d-8f37-657492850374", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-5426", "type": "seen", "source": "https://thehackernews.com/2026/05/knowledgedeliver-lms-flaw-exploited-to.html", "content": "A now-patched high-severity security flaw affecting Digital Knowledge KnowledgeDeliver, a Learning Management System (LMS) popular in Japan, was exploited as a zero-day to deliver the Godzilla web shell and ultimately facilitate the deployment of Cobalt Strike Beacon.\n\nThe vulnerability, tracked as CVE-2026-5426 (CVSS score: 7.5), stems from the use of hard-coded ASP.NET machine keys, leading to", "creation_timestamp": "2026-05-26T03:19:38.000000Z"}, {"uuid": "2c0784ab-6050-4ed6-9e94-c1a21703c811", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-5426", "type": "seen", "source": "https://bsky.app/profile/calimegai.bsky.social/post/3mmqgeka5yc2c", "content": "Une faille critique (CVE-2026-5426) dans #KnowledgeDeliver LMS, tr\u00e8s utilis\u00e9 au Japon, a permis l\u2019exploitation zero-day pour d\u00e9ployer Godzilla web shell et Cobalt Strike Beacon. Patch disponible \u26a0\ufe0f #CyberSecurity #Automatisation ", "creation_timestamp": "2026-05-26T07:02:46.855217Z"}, {"uuid": "681dc69e-a3cb-4cb4-b675-8e859246dbd1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2026-5426", "type": "seen", "source": "https://bsky.app/profile/oxfemale.bsky.social/post/3mmqhg7p55c2z", "content": "Original: This article is an independent of \u201cExploitation of KnowledgeDeliver via ViewState Deserialization Vulnerability\u201d by Takahiro Sugiyama, Peter Revelant, and Mathew Potaczek, published on the Google Cloud T\nhttps://core-jmp.org/2026/05/knowledgedeliver-viewstate-deserialization-cve-2026-5426/", "creation_timestamp": "2026-05-26T07:21:36.556408Z"}, {"uuid": "eb709cf7-7ad7-44ca-a015-b7852182fa71", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-5426", "type": "seen", "source": "https://bsky.app/profile/bitnewsbot.bsky.social/post/3mmqnbdggm72p", "content": "A critical vulnerability (CVE-2026-5426) in the Japanese LMS Digital Knowledge KnowledgeDeliver allowed unauthenticated remote code execution. Attackers exploited this flaw [\u2026]", "creation_timestamp": "2026-05-26T09:06:15.188461Z"}, {"uuid": "23bb807c-e919-4f40-892a-f387aa28f671", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2026-5426", "type": "seen", "source": "https://bsky.app/profile/cyberveille-ch.bsky.social/post/3mmqwyadgzi2x", "content": "\ud83d\udce2 Exploitation zero-day de KnowledgeDeliver via d\u00e9s\u00e9rialisation ViewState ASP.NET (CVE-2026-5426)\n\ud83d\udcdd ## \ud83d\udd0d Contexte\n\nFin 2025, Mandia\u2026\nhttps://cyberveille.ch/posts/2026-05-26-exploitation-zero-day-de-knowledgedeliver-via-deserialisation-viewstate-asp-net-cve-2026-5426/ #ASP_NET_MachineKey #Cyberveille", "creation_timestamp": "2026-05-26T12:00:06.872142Z"}, {"uuid": "984d753b-ca50-49d8-9970-05f1ed864bd1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-5426", "type": "seen", "source": "Telegram/rDPiK1vGJg8wRnXGbqSk3bi_Vn49HLdYqID-Bg62JfX7ng", "content": "", "creation_timestamp": "2026-05-26T06:36:04.000000Z"}, {"uuid": "4814c8d5-368c-4c80-af11-1b4b018c27c3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-5426", "type": "seen", "source": "https://bsky.app/profile/newstecnicas.com/post/3mmreekkxak2q", "content": "\ud83d\udea8 #Alerta de #Ciberseguridad: Explotaci\u00f3n Zero-Day CVE-2026-5426 en #LMS \" #KnowledgeDeliver\" www.newstecnicas.com/2026/05/aler...", "creation_timestamp": "2026-05-26T15:59:49.484719Z"}, {"uuid": "9c618aef-7edd-425b-bbf8-c6c5e05d1e18", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-5426", "type": "seen", "source": "https://t.me/true_secator/8244", "content": "\u041f\u043e\u0434\u0432\u0435\u0434 Google, Mandiant \u0441\u043e\u043e\u0431\u0449\u0430\u0435\u0442 \u043e 0-day \u0432 KnowledgeDeliver, \u043a\u043e\u0442\u043e\u0440\u0430\u044f \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043b\u0430\u0441\u044c \u0434\u043b\u044f \u0440\u0430\u0437\u0432\u0435\u0440\u0442\u044b\u0432\u0430\u043d\u0438\u044f \u0432\u0435\u0431-\u043e\u0431\u043e\u043b\u043e\u0447\u0435\u043a \u0438 \u0431\u044d\u043a\u0434\u043e\u0440\u043e\u0432.\n\n\u0421\u0438\u0441\u0442\u0435\u043c\u0430 \u0443\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u044f \u043e\u0431\u0443\u0447\u0435\u043d\u0438\u0435\u043c (LMS) KnowledgeDeliver, \u0440\u0430\u0437\u0440\u0430\u0431\u043e\u0442\u0430\u043d\u043d\u0430\u044f Digital Knowledge, \u0448\u0438\u0440\u043e\u043a\u043e \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u0435\u0442\u0441\u044f \u0434\u043b\u044f \u043a\u043e\u0440\u043f\u043e\u0440\u0430\u0442\u0438\u0432\u043d\u043e\u0433\u043e \u0438 \u043e\u0431\u0440\u0430\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u044c\u043d\u043e\u0433\u043e \u044d\u043b\u0435\u043a\u0442\u0440\u043e\u043d\u043d\u043e\u0433\u043e \u043e\u0431\u0443\u0447\u0435\u043d\u0438\u044f, \u0433\u043b\u0430\u0432\u043d\u044b\u043c \u043e\u0431\u0440\u0430\u0437\u043e\u043c \u0432 \u042f\u043f\u043e\u043d\u0438\u0438.\n\n0-day, \u043e\u0442\u0441\u043b\u0435\u0436\u0438\u0432\u0430\u0435\u043c\u0430\u044f \u043a\u0430\u043a CVE-2026-5426 (CVSS 7,5), \u0441\u0443\u0449\u0435\u0441\u0442\u0432\u043e\u0432\u0430\u043b\u0430 \u0432 \u0432\u0438\u0434\u0443 \u0442\u043e\u0433\u043e, \u0447\u0442\u043e \u0432 \u0440\u0430\u0437\u0432\u0435\u0440\u0442\u044b\u0432\u0430\u043d\u0438\u044f\u0445 Digital Knowledge \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043b\u0441\u044f \u0441\u0442\u0430\u043d\u0434\u0430\u0440\u0442\u0438\u0437\u0438\u0440\u043e\u0432\u0430\u043d\u043d\u044b\u0439 \u0444\u0430\u0439\u043b web.config, \u0441\u043e\u0434\u0435\u0440\u0436\u0430\u0449\u0438\u0439 \u0436\u0435\u0441\u0442\u043a\u043e \u0437\u0430\u043a\u043e\u0434\u0438\u0440\u043e\u0432\u0430\u043d\u043d\u044b\u0435 \u0437\u043d\u0430\u0447\u0435\u043d\u0438\u044f machineKey, \u043a\u043e\u0442\u043e\u0440\u044b\u0435 \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u044e\u0442\u0441\u044f \u043f\u043b\u0430\u0442\u0444\u043e\u0440\u043c\u043e\u0439 ASP.NET \u0434\u043b\u044f \u0448\u0438\u0444\u0440\u043e\u0432\u0430\u043d\u0438\u044f \u0438 \u043f\u043e\u0434\u043f\u0438\u0441\u0438 \u0434\u0430\u043d\u043d\u044b\u0445.\n\n\u041d\u0430\u043b\u0438\u0447\u0438\u0435 \u0436\u0435\u0441\u0442\u043a\u043e \u0437\u0430\u043a\u043e\u0434\u0438\u0440\u043e\u0432\u0430\u043d\u043d\u044b\u0445 \u0437\u043d\u0430\u0447\u0435\u043d\u0438\u0439 \u0432 \u043d\u0435\u0437\u0430\u0432\u0438\u0441\u0438\u043c\u044b\u0445 \u0443\u0441\u0442\u0430\u043d\u043e\u0432\u043a\u0430\u0445 \u043f\u043e\u0437\u0432\u043e\u043b\u0438\u043b\u043e \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a\u0430\u043c, \u0437\u043d\u0430\u044e\u0449\u0438\u043c \u043a\u043b\u044e\u0447\u0438, \u0441\u043a\u043e\u043c\u043f\u0440\u043e\u043c\u0435\u0442\u0438\u0440\u043e\u0432\u0430\u0442\u044c \u0434\u0440\u0443\u0433\u0438\u0435 \u0440\u0430\u0437\u0432\u0435\u0440\u0442\u044b\u0432\u0430\u043d\u0438\u044f, \u043e\u0440\u0433\u0430\u043d\u0438\u0437\u043e\u0432\u0430\u0432 \u0430\u0442\u0430\u043a\u0438 \u0434\u0435\u0441\u0435\u0440\u0438\u0430\u043b\u0438\u0437\u0430\u0446\u0438\u0438 ViewState.\n\nAPP.NET ViewState \u0441\u043e\u0445\u0440\u0430\u043d\u044f\u0435\u0442 \u0441\u043e\u0441\u0442\u043e\u044f\u043d\u0438\u0435 \u0441\u0442\u0440\u0430\u043d\u0438\u0446\u044b \u043c\u0435\u0436\u0434\u0443 \u043e\u0431\u0440\u0430\u0442\u043d\u044b\u043c\u0438 \u0437\u0430\u043f\u0440\u043e\u0441\u0430\u043c\u0438. \u041a\u043e\u0433\u0434\u0430 \u0438\u0437\u0432\u0435\u0441\u0442\u0435\u043d machineKey, \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a \u043c\u043e\u0436\u0435\u0442 \u0441\u043e\u0437\u0434\u0430\u0442\u044c \u0432\u0440\u0435\u0434\u043e\u043d\u043e\u0441\u043d\u0443\u044e \u043f\u043e\u043b\u0435\u0437\u043d\u0443\u044e \u043d\u0430\u0433\u0440\u0443\u0437\u043a\u0443 \u0434\u043b\u044f ViewState. \u041e\u0442\u043f\u0440\u0430\u0432\u0438\u0432 \u044d\u0442\u0443 \u043f\u043e\u043b\u0435\u0437\u043d\u0443\u044e \u043d\u0430\u0433\u0440\u0443\u0437\u043a\u0443 \u0432 HTTP-\u0437\u0430\u043f\u0440\u043e\u0441\u0435, \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a \u043c\u043e\u0436\u0435\u0442 \u0437\u0430\u0441\u0442\u0430\u0432\u0438\u0442\u044c \u0441\u0435\u0440\u0432\u0435\u0440 \u0434\u0435\u0441\u0435\u0440\u0438\u0430\u043b\u0438\u0437\u043e\u0432\u0430\u0442\u044c \u0435\u0451.\n\n\u0414\u0430\u043d\u043d\u044b\u0439 \u0442\u0438\u043f \u0430\u0442\u0430\u043a\u0438 \u043d\u0435 \u044f\u0432\u043b\u044f\u0435\u0442\u0441\u044f \u043d\u043e\u0432\u0438\u043d\u043a\u043e\u0439 \u0438 \u0440\u0430\u043d\u0435\u0435 \u043d\u0430\u0431\u043b\u044e\u0434\u0430\u043b\u0441\u044f \u0432 \u0445\u043e\u0434\u0435 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438 \u044d\u043a\u0437\u0435\u043c\u043f\u043b\u044f\u0440\u043e\u0432 Sitecore\u00a0\u0438 \u0440\u0430\u0437\u0432\u0435\u0440\u0442\u044b\u0432\u0430\u043d\u0438\u0439 CentreStack, \u0430 \u0442\u0430\u043a\u0436\u0435 \u0432\u00a0\u0430\u0442\u0430\u043a\u0430\u0445\u00a0\u0441 \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435\u043c \u0444\u0440\u0435\u0439\u043c\u0432\u043e\u0440\u043a\u0430 \u043f\u043e\u0441\u0442\u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438 Godzilla.\n\n\u041f\u043e \u0434\u0430\u043d\u043d\u044b\u043c Mandiant, \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u044f \u043d\u0443\u043b\u044f \u0432 KnowledgeDeliver \u0442\u0430\u043a\u0436\u0435 \u043f\u0440\u0438\u0432\u0435\u043b\u0430 \u043a \u0440\u0430\u0437\u0432\u0435\u0440\u0442\u044b\u0432\u0430\u043d\u0438\u044e \u0432\u0435\u0431-\u043e\u0431\u043e\u043b\u043e\u0447\u0435\u043a Godzilla (\u0442\u0430\u043a\u0436\u0435 \u0438\u0437\u0432\u0435\u0441\u0442\u043d\u044b\u0445 \u043a\u0430\u043a Bluebeam).\n\n\u0420\u0430\u0437\u0432\u0435\u0440\u0442\u044b\u0432\u0430\u0435\u043c\u043e\u0435 \u0432 \u043e\u043f\u0435\u0440\u0430\u0442\u0438\u0432\u043d\u043e\u0439 \u043f\u0430\u043c\u044f\u0442\u0438, \u044d\u0442\u043e \u0432\u0440\u0435\u0434\u043e\u043d\u043e\u0441\u043d\u043e\u0435 \u041f\u041e \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u0435\u0442 \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a\u0430\u043c \u0432\u044b\u043f\u043e\u043b\u043d\u044f\u0442\u044c \u0434\u043e\u043f\u043e\u043b\u043d\u0438\u0442\u0435\u043b\u044c\u043d\u044b\u0435 \u043a\u043e\u043c\u0430\u043d\u0434\u044b \u0438 \u043f\u043e\u043b\u0435\u0437\u043d\u044b\u0435 \u043d\u0430\u0433\u0440\u0443\u0437\u043a\u0438 \u043d\u0430 \u0437\u0430\u0440\u0430\u0436\u0435\u043d\u043d\u044b\u0445 \u043c\u0430\u0448\u0438\u043d\u0430\u0445.\n\n\u0417\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a\u0438 \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043b\u0438 Godzilla \u0434\u043b\u044f \u0438\u0437\u043c\u0435\u043d\u0435\u043d\u0438\u044f \u043f\u0440\u0430\u0432 \u0434\u043e\u0441\u0442\u0443\u043f\u0430 \u043a \u043a\u0430\u0442\u0430\u043b\u043e\u0433\u0443 \u0432\u0435\u0431-\u043f\u0440\u0438\u043b\u043e\u0436\u0435\u043d\u0438\u044f, \u0430 \u0442\u0430\u043a\u0436\u0435 \u0434\u043b\u044f \u043c\u043e\u0434\u0438\u0444\u0438\u043a\u0430\u0446\u0438\u0438 \u0444\u0430\u0439\u043b\u0430 JavaScript \u043f\u0440\u0438\u043b\u043e\u0436\u0435\u043d\u0438\u044f \u0441 \u0446\u0435\u043b\u044c\u044e \u0437\u0430\u0433\u0440\u0443\u0437\u043a\u0438 \u0432\u0440\u0435\u0434\u043e\u043d\u043e\u0441\u043d\u043e\u0433\u043e \u0441\u043a\u0440\u0438\u043f\u0442\u0430 \u0438 \u043e\u0442\u043e\u0431\u0440\u0430\u0436\u0435\u043d\u0438\u044f \u043b\u043e\u0436\u043d\u043e\u0433\u043e \u043f\u0440\u0435\u0434\u0443\u043f\u0440\u0435\u0436\u0434\u0435\u043d\u0438\u044f \u0441\u0438\u0441\u0442\u0435\u043c\u044b \u0431\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438, \u043f\u0440\u0435\u0434\u043b\u0430\u0433\u0430\u044e\u0449\u0435\u0433\u043e \u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u044e \u0443\u0441\u0442\u0430\u043d\u043e\u0432\u0438\u0442\u044c \u043f\u043e\u0434\u0434\u0435\u043b\u044c\u043d\u044b\u0439 \u043f\u043b\u0430\u0433\u0438\u043d.\n\n\u0412 \u043a\u043e\u043d\u0435\u0447\u043d\u043e\u043c \u0438\u0442\u043e\u0433\u0435 \u0441\u0438\u0441\u0442\u0435\u043c\u044b \u0431\u044b\u043b\u0438 \u0437\u0430\u0440\u0430\u0436\u0435\u043d\u044b \u0431\u044d\u043a\u0434\u043e\u0440\u043e\u043c Cobalt Strike. \u041f\u043e\u0441\u043a\u043e\u043b\u044c\u043a\u0443 \u043f\u043e\u043b\u0435\u0437\u043d\u0430\u044f \u043d\u0430\u0433\u0440\u0443\u0437\u043a\u0430 \u0431\u044b\u043b\u0430 \u0437\u0430\u0448\u0438\u0444\u0440\u043e\u0432\u0430\u043d\u0430 \u043a\u043b\u044e\u0447\u043e\u043c, \u0441\u043e\u0434\u0435\u0440\u0436\u0430\u0449\u0438\u043c \u043d\u0430\u0437\u0432\u0430\u043d\u0438\u0435 \u043e\u0440\u0433\u0430\u043d\u0438\u0437\u0430\u0446\u0438\u0438-\u0436\u0435\u0440\u0442\u0432\u044b, \u043a\u043e\u043c\u043f\u0430\u043d\u0438\u044f Mandiant \u0441\u0447\u0438\u0442\u0430\u0435\u0442, \u0447\u0442\u043e \u0431\u044d\u043a\u0434\u043e\u0440 \u0431\u044b\u043b \u043f\u043e\u0434\u0433\u043e\u0442\u043e\u0432\u043b\u0435\u043d \u0441\u043f\u0435\u0446\u0438\u0430\u043b\u044c\u043d\u043e \u0434\u043b\u044f \u044d\u0442\u043e\u0439 \u043e\u0440\u0433\u0430\u043d\u0438\u0437\u0430\u0446\u0438\u0438.\n\n\u0418\u0441\u0441\u043b\u0435\u0434\u043e\u0432\u0430\u0442\u0435\u043b\u0438 \u043f\u0440\u0435\u0434\u043e\u0441\u0442\u0430\u0432\u0438\u043b\u0438 IOCs, \u0441\u0432\u044f\u0437\u0430\u043d\u043d\u044b\u0435 \u0441 \u0430\u0442\u0430\u043a\u043e\u0439, \u0438 \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0443\u0435\u0442 \u043e\u0442\u0441\u043b\u0435\u0436\u0438\u0432\u0430\u0442\u044c \u0441\u0440\u0435\u0434\u044b \u043d\u0430 \u043f\u0440\u0435\u0434\u043c\u0435\u0442 \u043f\u043e\u0442\u0435\u043d\u0446\u0438\u0430\u043b\u044c\u043d\u044b\u0445 \u0432\u0442\u043e\u0440\u0436\u0435\u043d\u0438\u0439. \u041e\u0440\u0433\u0430\u043d\u0438\u0437\u0430\u0446\u0438\u044f\u043c \u0442\u0430\u043a\u0436\u0435 \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0443\u0435\u0442\u0441\u044f \u043c\u0435\u043d\u044f\u0442\u044c \u043a\u043b\u044e\u0447\u0438 \u0434\u043e\u0441\u0442\u0443\u043f\u0430 \u043a \u0441\u0432\u043e\u0438\u043c \u044d\u043a\u0437\u0435\u043c\u043f\u043b\u044f\u0440\u0430\u043c \u0438 \u043e\u0433\u0440\u0430\u043d\u0438\u0447\u0438\u0432\u0430\u0442\u044c \u0434\u043e\u0441\u0442\u0443\u043f \u043a LMS.\n\n\u0412\u0441\u0435 \u0440\u0430\u0437\u0432\u0435\u0440\u0442\u044b\u0432\u0430\u043d\u0438\u044f KnowledgeDeliver, \u043e\u0441\u0443\u0449\u0435\u0441\u0442\u0432\u043b\u0435\u043d\u043d\u044b\u0435 \u0434\u043e 24 \u0444\u0435\u0432\u0440\u0430\u043b\u044f 2026 \u0433\u043e\u0434\u0430, \u043f\u043e\u0434\u0432\u0435\u0440\u0436\u0435\u043d\u044b 0-day \u0438 \u043f\u043e\u0442\u0435\u043d\u0446\u0438\u0430\u043b\u044c\u043d\u043e \u043c\u043e\u0433\u0443\u0442 \u0431\u044b\u0442\u044c \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u044b \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a\u0430\u043c\u0438.", "creation_timestamp": "2026-05-26T14:50:06.000000Z"}, {"uuid": "6112ceae-6368-4b70-915a-a547c6b5b78f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-5426", "type": "seen", "source": "https://bsky.app/profile/hendryadrian.bsky.social/post/3mmryjq4to32s", "content": "Mandiant says attackers used CVE-2026-5426 in KnowledgeDeliver LMS as a zero-day to deploy Godzilla web shells, abuse reused ASP.NET machine keys, and trigger Cobalt Strike via ViewState deserialization. #KnowledgeDeliver #Mandiant #CobaltStrike", "creation_timestamp": "2026-05-26T22:00:27.686846Z"}, {"uuid": "9f3a1b37-89ac-410f-9daf-14a0df049473", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-5426", "type": "seen", "source": "https://poliverso.org/objects/0477a01e-486a-16a3-a903-786386626250", "content": "CVE-2026-5426: zero-day in KnowledgeDeliver LMS sfruttato per distribuire BLUEBEAM e Cobalt Strike BEACON\n@informaticaMandiant ha pubblicato i dettagli dell'exploitation attiva di CVE-2026-5426, zero-day nel LMS KnowledgeDeliver causato da chiavi ASP.NET machineKey hardcoded e condivise tra tutte le installazioni.RE: insicurezzadigitale.com/?p=977\u2026", "creation_timestamp": "2026-05-27T07:56:52.045931Z"}, {"uuid": "de1c8b31-7a9b-414e-a2a1-c47de03eaf5f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-5426", "type": "seen", "source": "https://bsky.app/profile/cybersecurity.poliverso.org.ap.brid.gy/post/3mmszuhdmsjq2", "content": "# **CVE-2026-5426: zero-day in KnowledgeDeliver LMS sfruttato per distribuire BLUEBEAM e Cobalt Strike BEACON**\n\n\n@informatica\nMandiant ha pubblicato i dettagli dell'exploitation attiva di CVE-2026-5426, zero-day nel LMS KnowledgeDeliver causato da chiavi ASP.NET machineKey hardcoded e condivise [\u2026]", "creation_timestamp": "2026-05-27T07:57:03.424559Z"}, {"uuid": "46c0336c-5678-4faf-9289-c3a763c2be79", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-5426", "type": "seen", "source": "https://bsky.app/profile/nuke86.rfeed.it/post/3mmtcnajjkr24", "content": "CVE-2026-5426: zero-day in KnowledgeDeliver LMS sfruttato per distribuire BLUEBEAM e Cobalt Strike BEACON\nil blog: insicurezzadigitale.com/cve-2026-542...\n\n#cybersecurity #apt #backdoor #cobaltstrike #infosec #malware #zeroday", "creation_timestamp": "2026-05-27T10:34:06.319794Z"}, {"uuid": "3ad6099f-d869-4bf8-9808-b447a1a3bf8f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "86ecb4e1-bb32-44d5-9f39-8a4673af8385", "vulnerability": "CVE-2026-5426", "type": "exploited", "source": "https://cloud.google.com/blog/topics/threat-intelligence/knowledgedeliver-viewstate-deserialization-vulnerability", "content": "", "creation_timestamp": "2026-05-25T07:00:00.000000Z"}, {"uuid": "021f9c9b-f2db-44bb-ba8e-1d26ee24f63a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-5426", "type": "seen", "source": "https://bsky.app/profile/Mozilla.activitypub.awakari.com.ap.brid.gy/post/3mmu7muiluxh2", "content": "\ud83d\udea9 Critical KnowledgeDeliver RCE (CVE-2026-5426) abused via shared ASP.NET machine keys to deliver web shells and Cobalt Strike KnowledgeDeliver exploit (CVE-2026-5426) enables RCE via ViewState ...\n\n#TIGR #malware #vulnerability\n\nOrigin | Interest | Match", "creation_timestamp": "2026-05-27T19:12:55.396158Z"}, {"uuid": "db019d5e-8690-488f-8ba6-7e714586adf6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-5426", "type": "seen", "source": "https://t.me/thehackernews/9078", "content": "\ud83d\udea8 One shared key. Every deployment at risk.\n\nAttackers exploited CVE-2026-5426 in the KnowledgeDeliver LMS to gain unauthenticated RCE through hard-coded ASP-NET machineKeys, deploy the Godzilla (BLUEBEAM) web shell, and deliver Cobalt Strike Beacon on vulnerable internet-facing systems.\n\nRead \ud83e\udc12 https://thehackernews.com/2026/05/knowledgedeliver-lms-flaw-exploited-to.html", "creation_timestamp": "2026-05-26T05:31:04.000000Z"}, {"uuid": "d47dc552-4bdc-4f31-8b24-23e8a1ce21fa", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-5426", "type": "seen", "source": "Telegram/IqAYll4ZzjxpeZQ_8CUvuT_fob3B5lJjEUBfv2EUXY56hck", "content": "", "creation_timestamp": "2026-05-27T21:12:27.000000Z"}, {"uuid": "49177872-221c-4d04-84fa-9190a4c57559", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-5426", "type": "seen", "source": "https://bsky.app/profile/newstecnicas.com/post/3mmywkdlvkc27", "content": "\ud83d\udea8 Alerta de #Ciberseguridad: Explotaci\u00f3n Zero-Day CVE-2026-5426 en LMS \"KnowledgeDeliver\" www.newstecnicas.com/2026/05/aler...", "creation_timestamp": "2026-05-29T16:13:41.839400Z"}, {"uuid": "c9043b24-aea6-4fa2-b5db-7ee7aedd69ca", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-5426", "type": "seen", "source": "https://bsky.app/profile/technoholic.bsky.social/post/3mmzowr45uv2z", "content": "A high-severity flaw (CVE-2026-5426, CVSS 7.5) in Japan's Digital Knowledge KnowledgeDeliver LMS was exploited as a zero-day to deploy a Godzilla web shell and Cobalt Strike. Now patched.", "creation_timestamp": "2026-05-29T23:30:05.279524Z"}, {"uuid": "01cf028d-b1e8-47cc-b826-78e536959261", "vulnerability_lookup_origin": "caeb2787-0d58-4236-9039-7c86c3e566f3", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-5426", "type": "exploited", "source": "https://vulnerability.circl.lu/known-exploited-vulnerabilities-catalog/31ec02fb-65ac-46a6-a0c0-f704604579d7", "content": "", "creation_timestamp": "2026-06-19T12:45:33.157087Z"}, {"uuid": "0250e9e3-1755-458e-9575-2886786c0686", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-54264", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3mow2atv7uv2q", "content": "CVE-2026-54264 - Angular: Sensitive Header Leakage on Cross-Origin Redirects in Angular Service Worker\nCVE ID : CVE-2026-54264\n \n Published : June 22, 2026, 3:32 p.m. | 7\u00a0hours, 37\u00a0minutes ago\n \n Description : Angular is a development platform for building mobile and desktop w...", "creation_timestamp": "2026-06-22T23:32:18.671082Z"}, {"uuid": "c8e5c297-d7b8-416e-a973-dc1e8fd22f5e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-54268", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3mow3ikyahx2q", "content": "CVE-2026-54268 - Angular: Denial of Service (DoS) via OOM in Date Formatting (formatDate)\nCVE ID : CVE-2026-54268\n \n Published : June 22, 2026, 3:31 p.m. | 7\u00a0hours, 38\u00a0minutes ago\n \n Description : Angular is a development platform for building mobile and desktop web applicatio...", "creation_timestamp": "2026-06-22T23:54:31.830266Z"}, {"uuid": "679728c0-95a0-441a-8d32-d8e01eb07a79", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-54266", "type": "seen", "source": "https://bsky.app/profile/cyberhub.blog/post/3mpllj774tz2l", "content": "\ud83d\udccc CVE-2026-54266 - Angular is a development platform for building mobile and desktop web applications using TypeScript/JavaScript and other languages. Prior to 22.0.1, 2... https://www.cyberhub.blog/cves/CVE-2026-54266", "creation_timestamp": "2026-07-01T13:07:07.784485Z"}, {"uuid": "8247c0a7-28bf-449e-b0f8-cf2d79a01b6d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-54260", "type": "seen", "source": "https://bsky.app/profile/kriptabiz.bsky.social/post/3mpoafqta2k2q", "content": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c CVE-2026-54260 \u0432 Wagtail: \u0443\u0433\u0440\u043e\u0437\u044b, \u043f\u043e\u0441\u043b\u0435\u0434\u0441\u0442\u0432\u0438\u044f \u0438 \u0441\u043f\u043e\u0441\u043e\u0431\u044b \u0437\u0430\u0449\u0438\u0442\u044b\n\n\n\nhttps://kripta.biz/posts/FF003A03-9775-4BD2-A67E-36D2F18D6852", "creation_timestamp": "2026-07-02T14:26:19.538799Z"}, {"uuid": "81af2ab6-907d-4357-bf87-c437d7a85f2b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-54261", "type": "seen", "source": "https://bsky.app/profile/kriptabiz.bsky.social/post/3mpoai3ophu2n", "content": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c CVE-2026-54261 \u0432 Wagtail: \u0443\u0433\u0440\u043e\u0437\u044b, \u043f\u043e\u0441\u043b\u0435\u0434\u0441\u0442\u0432\u0438\u044f \u0438 \u0441\u043f\u043e\u0441\u043e\u0431\u044b \u0437\u0430\u0449\u0438\u0442\u044b\n\n\n\nhttps://kripta.biz/posts/545E810D-380E-452F-B59F-AD9B8C16BCD8", "creation_timestamp": "2026-07-02T14:27:38.372978Z"}, {"uuid": "56e24486-b2e8-4c5b-b0d8-9ede2b8ab4ff", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-54261", "type": "seen", "source": "https://bsky.app/profile/qiancx.bsky.social/post/3mpoai5gvar2f", "content": "Wagtail CMS \u5b89\u5168\u6f0f\u6d1e CVE-2026-54261 \u6df1\u5ea6\u89e3\u6790:\u5f71\u54cd\u8303\u56f4\u4e0e\u4fee\u590d\u5efa\u8bae\n\n\n\nhttps://qian.cx/posts/1F742402-F849-4DAC-BB38-BDE73C943A4B", "creation_timestamp": "2026-07-02T14:27:40.218973Z"}, {"uuid": "83fb3888-7388-48c0-b2b9-ac66f8550034", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-54262", "type": "seen", "source": "https://bsky.app/profile/kriptabiz.bsky.social/post/3mpoaj35qfl27", "content": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c CVE-2026-54262 \u0432 Wagtail: \u0443\u0433\u0440\u043e\u0437\u044b, \u043f\u043e\u0441\u043b\u0435\u0434\u0441\u0442\u0432\u0438\u044f \u0438 \u0441\u043f\u043e\u0441\u043e\u0431\u044b \u0437\u0430\u0449\u0438\u0442\u044b\n\n\n\nhttps://kripta.biz/posts/0E03F57A-9F93-40D6-81A7-1EE10ABADDDD", "creation_timestamp": "2026-07-02T14:28:11.364720Z"}, {"uuid": "82f96a68-a7fc-401a-92ae-9913a60ebc38", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-54263", "type": "seen", "source": "https://bsky.app/profile/kriptabiz.bsky.social/post/3mpoajono6c2o", "content": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c CVE-2026-54263 \u0432 Wagtail: \u0443\u0433\u0440\u043e\u0437\u044b, \u043f\u043e\u0441\u043b\u0435\u0434\u0441\u0442\u0432\u0438\u044f \u0438 \u0441\u043f\u043e\u0441\u043e\u0431\u044b \u0437\u0430\u0449\u0438\u0442\u044b\n\n\n\nhttps://kripta.biz/posts/34344C06-C9D9-45D6-AAFE-137022DFECC0", "creation_timestamp": "2026-07-02T14:28:31.331316Z"}, {"uuid": "6af29e6a-a56e-4ed5-917f-11c2a9b7ae67", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-54263", "type": "seen", "source": "https://bsky.app/profile/kriptabiz.bsky.social/post/3mpqnasm4g32y", "content": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c CVE-2026-54263 \u0432 Wagtail: \u0443\u0433\u0440\u043e\u0437\u044b, \u043f\u043e\u0441\u043b\u0435\u0434\u0441\u0442\u0432\u0438\u044f \u0438 \u0441\u043f\u043e\u0441\u043e\u0431\u044b \u0437\u0430\u0449\u0438\u0442\u044b\n\n\n\nhttps://kripta.biz/posts/9A1F4609-27AF-4392-B56F-F07A7E0C60BA", "creation_timestamp": "2026-07-03T13:21:31.871491Z"}, {"uuid": "5f060dce-5a11-4bd5-9cd2-2ab37b1856b2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-54260", "type": "seen", "source": "https://bsky.app/profile/kriptabiz.bsky.social/post/3mpqnj7hxnt2y", "content": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c CVE-2026-54260 \u0432 Wagtail: \u0443\u0433\u0440\u043e\u0437\u044b, \u043f\u043e\u0441\u043b\u0435\u0434\u0441\u0442\u0432\u0438\u044f \u0438 \u0441\u043f\u043e\u0441\u043e\u0431\u044b \u0437\u0430\u0449\u0438\u0442\u044b\n\n\n\nhttps://kripta.biz/posts/70887820-B2DA-4542-9E75-E3152C666C94", "creation_timestamp": "2026-07-03T13:26:13.878823Z"}, {"uuid": "e52581e0-0b95-44d0-8704-f83aca66bd1a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-54262", "type": "seen", "source": "https://bsky.app/profile/kriptabiz.bsky.social/post/3mpqnk6jp5n2c", "content": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c CVE-2026-54262 \u0432 Wagtail: \u0443\u0433\u0440\u043e\u0437\u044b, \u043f\u043e\u0441\u043b\u0435\u0434\u0441\u0442\u0432\u0438\u044f \u0438 \u0441\u043f\u043e\u0441\u043e\u0431\u044b \u0437\u0430\u0449\u0438\u0442\u044b\n\n\n\nhttps://kripta.biz/posts/D5518082-1283-4647-9999-04ECE6AC0CAA", "creation_timestamp": "2026-07-03T13:26:46.175293Z"}, {"uuid": "ee740b2e-01c6-4235-a215-6565cfda3f36", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-54261", "type": "seen", "source": "https://bsky.app/profile/kriptabiz.bsky.social/post/3mpqnq5biqp2k", "content": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c CVE-2026-54261 \u0432 Wagtail: \u0443\u0433\u0440\u043e\u0437\u044b, \u043f\u043e\u0441\u043b\u0435\u0434\u0441\u0442\u0432\u0438\u044f \u0438 \u0441\u043f\u043e\u0441\u043e\u0431\u044b \u0437\u0430\u0449\u0438\u0442\u044b\n\n\n\nhttps://kripta.biz/posts/56B71AB2-5960-4D72-8BA7-8B3DC8D7119C", "creation_timestamp": "2026-07-03T13:30:06.334910Z"}, {"uuid": "f2055f72-8a16-43bd-ba2c-4f9cb1b1069b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-54269", "type": "seen", "source": "https://gist.github.com/alon710/85679449cb8fbdc65386d384f1841a0e", "content": "# CVE-2026-54269: CVE-2026-54269: Runtime Property Shadowing and Denial of Service in protobufjs\n\n&gt; **CVSS Score:** 5.3\n&gt; **Published:** 2026-06-22\n&gt; **Full Report:** https://cvereports.com/reports/CVE-2026-54269\n\n## Summary\nA property shadowing vulnerability exists in protobufjs where schema-derived names can collide with and overwrite runtime-critical internal helper properties. This issue leads to uncaught runtime exceptions and crash-based Denial of Service.\n\n## TL;DR\nUntrusted protobuf schemas can define fields matching internal properties (such as 'hasOwnProperty' or 'rpcCall'), triggering uncaught runtime exceptions that crash the execution thread (Denial of Service).\n\n## Exploit Status: POC\n\n## Technical Details\n\n- **CWE ID**: CWE-754, CWE-674\n- **Attack Vector**: Network\n- **CVSS Score**: 5.3 (Medium)\n- **EPSS Score**: 0.0024 (Percentile: 14.70%)\n- **Impact**: Denial of Service (DoS)\n- **Exploit Status**: Proof of Concept available\n- **KEV Status**: Not listed\n\n## Affected Systems\n\n- protobufjs\n- protobufjs-cli\n- **protobufjs**: &lt; 7.6.3 (Fixed in: `7.6.3`)\n- **protobufjs**: &gt;= 8.0.0, &lt; 8.6.0 (Fixed in: `8.6.0`)\n- **protobufjs-cli**: &lt; 1.3.3 (Fixed in: `1.3.3`)\n- **protobufjs-cli**: &gt;= 2.0.0, &lt; 2.5.1 (Fixed in: `2.5.1`)\n\n## Mitigation\n\n- Upgrade the dependency package to a patched release version.\n- Establish strict schema validation rules to filter out conflict-prone property names.\n- Ensure process management tools are configured to restart terminated nodes automatically.\n\n**Remediation Steps:**\n1. Locate and review package.json configurations for protobufjs and protobufjs-cli.\n2. Update protobufjs to 7.6.3 or 8.6.0 depending on the active major version.\n3. Update protobufjs-cli to 1.3.3 or 2.5.1 to secure static code generation.\n4. Regenerate any pre-compiled JavaScript static schema files using the updated CLI.\n5. Deploy runtime validation logic to reject schema definitions containing the strings 'hasOwnProperty' or 'rpcCall'.\n\n## References\n\n- [GitHub Security Advisory (GHSA-f38q-mgvj-vph7)](https://github.com/protobufjs/protobuf.js/security/advisories/GHSA-f38q-mgvj-vph7)\n- [NVD CVE Record (CVE-2026-54269)](https://nvd.nist.gov/vuln/detail/CVE-2026-54269)\n- [CVE.org CVE Record (CVE-2026-54269)](https://www.cve.org/CVERecord?id=CVE-2026-54269)\n- [Pull Request #2311: Avoid shadowing prototype properties](https://github.com/protobufjs/protobuf.js/pull/2311)\n\n\n---\n*Generated by [CVEReports](https://cvereports.com/reports/CVE-2026-54269) - Automated Vulnerability Intelligence*", "creation_timestamp": "2026-07-06T07:58:49.203850Z"}, {"uuid": "e42d37d1-c7af-45a8-85ec-326cda7c35af", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-54269", "type": "seen", "source": "https://gist.github.com/alon710/e1c58c0e5e300cd65a71e5b861eaf325", "content": "# CVE-2026-54269: CVE-2026-54269: Runtime Property Shadowing and Denial of Service in protobufjs\n\n&gt; **CVSS Score:** 5.3\n&gt; **Published:** 2026-06-22\n&gt; **Full Report:** https://cvereports.com/reports/CVE-2026-54269\n\n## Summary\nA property shadowing vulnerability exists in protobufjs where schema-derived names can collide with and overwrite runtime-critical internal helper properties. This issue leads to uncaught runtime exceptions and crash-based Denial of Service.\n\n## TL;DR\nUntrusted protobuf schemas can define fields matching internal properties (such as 'hasOwnProperty' or 'rpcCall'), triggering uncaught runtime exceptions that crash the execution thread (Denial of Service).\n\n## Exploit Status: POC\n\n## Technical Details\n\n- **CWE ID**: CWE-754, CWE-674\n- **Attack Vector**: Network\n- **CVSS Score**: 5.3 (Medium)\n- **EPSS Score**: 0.0024 (Percentile: 14.70%)\n- **Impact**: Denial of Service (DoS)\n- **Exploit Status**: Proof of Concept available\n- **KEV Status**: Not listed\n\n## Affected Systems\n\n- protobufjs\n- protobufjs-cli\n- **protobufjs**: &lt; 7.6.3 (Fixed in: `7.6.3`)\n- **protobufjs**: &gt;= 8.0.0, &lt; 8.6.0 (Fixed in: `8.6.0`)\n- **protobufjs-cli**: &lt; 1.3.3 (Fixed in: `1.3.3`)\n- **protobufjs-cli**: &gt;= 2.0.0, &lt; 2.5.1 (Fixed in: `2.5.1`)\n\n## Mitigation\n\n- Upgrade the dependency package to a patched release version.\n- Establish strict schema validation rules to filter out conflict-prone property names.\n- Ensure process management tools are configured to restart terminated nodes automatically.\n\n**Remediation Steps:**\n1. Locate and review package.json configurations for protobufjs and protobufjs-cli.\n2. Update protobufjs to 7.6.3 or 8.6.0 depending on the active major version.\n3. Update protobufjs-cli to 1.3.3 or 2.5.1 to secure static code generation.\n4. Regenerate any pre-compiled JavaScript static schema files using the updated CLI.\n5. Deploy runtime validation logic to reject schema definitions containing the strings 'hasOwnProperty' or 'rpcCall'.\n\n## References\n\n- [GitHub Security Advisory (GHSA-f38q-mgvj-vph7)](https://github.com/protobufjs/protobuf.js/security/advisories/GHSA-f38q-mgvj-vph7)\n- [NVD CVE Record (CVE-2026-54269)](https://nvd.nist.gov/vuln/detail/CVE-2026-54269)\n- [CVE.org CVE Record (CVE-2026-54269)](https://www.cve.org/CVERecord?id=CVE-2026-54269)\n- [Pull Request #2311: Avoid shadowing prototype properties](https://github.com/protobufjs/protobuf.js/pull/2311)\n\n\n---\n*Generated by [CVEReports](https://cvereports.com/reports/CVE-2026-54269) - Automated Vulnerability Intelligence*", "creation_timestamp": "2026-07-06T07:59:30.626821Z"}, {"uuid": "60b18cea-f148-4004-8f2a-349bb9a321f3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-54267", "type": "seen", "source": "https://bsky.app/profile/cyberhub.blog/post/3mqjbzg7ebe2o", "content": "\ud83d\udccc CVE-2026-54267 - Angular is a development platform for building mobile and desktop web applications using TypeScript/JavaScript and other languages. Prior to 22.0.1, 2... https://www.cyberhub.blog/cves/CVE-2026-54267", "creation_timestamp": "2026-07-13T08:37:06.329837Z"}, {"uuid": "ccb4eb2c-a0fe-47d9-ae99-8b68467cb055", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-54267", "type": "seen", "source": "https://bsky.app/profile/potato.software/post/3mqjca2mrax2z", "content": "\ud83d\udccc CVE-2026-54267 - Angular is a development platform for building mobile and desktop web applications using TypeScript/JavaScript and other languages. Prior to 22.0.1, 2... https://www.potatohub.blog/cves/CVE-2026-54267", "creation_timestamp": "2026-07-13T08:40:48.887333Z"}]}