AI description
CVE-2026-8398 describes a supply chain attack that compromised official installation packages of DAEMON Tools Lite for Windows. Between approximately April 8, 2026, and May 5, 2026, attackers gained unauthorized access to the vendor's (AVB Disc Soft) build or distribution infrastructure. They subsequently trojanized three binaries—DTHelper.exe, DiscSoftBusServiceLite.exe, and DTShellHlp.exe—which were then distributed via the legitimate daemon-tools.cc website. These malicious installers appeared trustworthy because the trojanized files were digitally signed with the legitimate AVB Disc Soft code-signing certificate, allowing them to bypass signature-based detection. The affected versions of DAEMON Tools Lite are 12.5.0.2421 through 12.5.0.2434.
- Description
- A supply chain attack compromised the official installation packages of DAEMON Tools Lite (Windows versions 12.5.0.2421 through 12.5.0.2434), distributed from the legitimate website daemon-tools.cc between approximately April 8, 2026, and May 5, 2026. Attackers gained unauthorized access to the vendor's (AVB Disc Soft) build or distribution infrastructure and trojanized three binaries: DTHelper.exe, DiscSoftBusServiceLite.exe, and DTShellHlp.exe. These files were digitally signed with the legitimate AVB Disc Soft code-signing certificate, allowing the malicious installers to appear trustworthy and bypass signature-based detection.
- Source
- vulnerability@kaspersky.com
- NVD status
- Undergoing Analysis
CVSS 4.0
- Type
- Secondary
- Base score
- 9.3
- Impact score
- -
- Exploitability score
- -
- Vector string
- CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
- Severity
- CRITICAL
CVSS 3.1
- Type
- Secondary
- Base score
- 9.8
- Impact score
- 5.9
- Exploitability score
- 3.9
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
- Severity
- CRITICAL
Data from CISA
- Vulnerability name
- Daemon Tools Lite Embedded Malicious Code Vulnerability
- Exploit added on
- May 27, 2026
- Exploit action due
- May 30, 2026
- Required action
- Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
- vulnerability@kaspersky.com
- CWE-506
Hype score is a measure of social media activity compared against trending CVEs from the past 12 months. Max score 100.
- Hype score
7
CVE-2026-8398 Daemon Tools Lite Embedded Malicious Code Vulnerability CVE-2026-45321 TanStack Unspecified Vulnerability CVE-2026-48027 Nx Console Embedded Malicious Code Vulnerability
@zerotalktoai
27 May 2026
49 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
🛡️ We added Daemon Tools Lite embedded malicious code vulnerability CVE-2026-8398, TanStack vulnerability CVE-2026-45321 & Nx Console vulnerability CVE-2026-48027 to our KEV Catalog. Visit https://t.co/myxOwap1Tf for more information. #Cybersecurity #InfoSec https://t.c
@CISACyber
27 May 2026
3467 Impressions
11 Retweets
29 Likes
5 Bookmarks
1 Reply
0 Quotes