CVE-2026-8398
Published May 15, 2026
Last updated 17 days ago
AI description
CVE-2026-8398 describes a supply chain attack that compromised official installation packages of DAEMON Tools Lite for Windows. Between approximately April 8, 2026, and May 5, 2026, attackers gained unauthorized access to the vendor's (AVB Disc Soft) build or distribution infrastructure. They subsequently trojanized three binaries—DTHelper.exe, DiscSoftBusServiceLite.exe, and DTShellHlp.exe—which were then distributed via the legitimate daemon-tools.cc website. These malicious installers appeared trustworthy because the trojanized files were digitally signed with the legitimate AVB Disc Soft code-signing certificate, allowing them to bypass signature-based detection. The affected versions of DAEMON Tools Lite are 12.5.0.2421 through 12.5.0.2434.
- Description
- A supply chain attack compromised the official installation packages of DAEMON Tools Lite (Windows versions 12.5.0.2421 through 12.5.0.2434), distributed from the legitimate website daemon-tools.cc between approximately April 8, 2026, and May 5, 2026. Attackers gained unauthorized access to the vendor's (AVB Disc Soft) build or distribution infrastructure and trojanized three binaries: DTHelper.exe, DiscSoftBusServiceLite.exe, and DTShellHlp.exe. These files were digitally signed with the legitimate AVB Disc Soft code-signing certificate, allowing the malicious installers to appear trustworthy and bypass signature-based detection.
- Source
- vulnerability@kaspersky.com
- NVD status
- Analyzed
- Products
- daemon_tools
CVSS 4.0
- Type
- Secondary
- Base score
- 9.3
- Impact score
- -
- Exploitability score
- -
- Vector string
- CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
- Severity
- CRITICAL
CVSS 3.1
- Type
- Secondary
- Base score
- 9.8
- Impact score
- 5.9
- Exploitability score
- 3.9
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
- Severity
- CRITICAL
Data from CISA
- Vulnerability name
- Daemon Tools Lite Embedded Malicious Code Vulnerability
- Exploit added on
- May 27, 2026
- Exploit action due
- May 30, 2026
- Required action
- Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
- vulnerability@kaspersky.com
- CWE-506
- Hype score
- Not currently trending
00:00 UTC: CVE-2026-8398 disclosed. CISA: CVE-2026-8398 added to Known Exploited Vulnerabilities — Daemon Daemon Tools Lite Status: ✅ Confirmed exploited in the wild Date added: 2026-05-27 Required action: Apply mitigations per vendor instructions, follow applicable BOD…
@lyrie_ai
11 Jun 2026
42 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
🚨 DAEMON Tools Lite : La CISA alerte sur la faille critique CVE-2026-8398 activement exploitée. #zoneantimalware https://t.co/Mi42yb2Wf0
@NicolasCoolman
31 May 2026
30 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2026-8398: DAEMON Tools Lite Supply Chain Attack - What It Means for Your Business and How to Respond https://t.co/YU6YgFonGH
@integ_sec
30 May 2026
42 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 CVE-2026-8398 hits CISA KEV Daemon Tools Lite = actively exploited in the wild If you're running this, assume breach until patched. Why do "lite" apps always carry heavyweight risks? #infosec #CVE
@OrizonCyber
29 May 2026
79 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
CISA added three actively exploited supply chain vulnerabilities to the KEV catalog this week. CVE-2026-8398 affects Daemon Tools Lite, where attackers shipped trojanized signed installers from the vendor's own website for nearly a month. CVE-2026-45321 affects TanStack, where 42
@Atarussecurity
29 May 2026
51 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 BREAKING: CISA updates its Known Exploited Vulnerabilities Catalog with three new entries, including CVE-2026-8398 and CVE-2026-45321, due to active exploitation evidence. Stay vigilant and update systems promptly. #NerdieNews #CyberSecurity #BreakingNews #InfoSec https://t.
@NewsNerdie
28 May 2026
46 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Three CVEs have been added to the list of known exploits; CVE-2026-45321 (TanStack), CVE-2026-48027 (Nx Console) and CVE-2026-8398 (DAEMON Tools Lite). The trio has been linked to an attack campaign named "Mini Shai-Hulud" and has been attributed to cybercriminal group 'TeamPCP'.
@Leila97726926
28 May 2026
77 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Warning: #CISA added new vulnerabilities to its KEV list: CVE-2026-48027 in #Nx Console, CVE-2026-8398 in #Daemon Tools Lite and CVE-2026-45321 in #Tanstack. Make sure you are running the non-malicious version of the packages to avoid a supply chain attack. #Patch #Patch #Patch
@CCBalert
28 May 2026
212 Impressions
2 Retweets
1 Like
1 Bookmark
0 Replies
0 Quotes
CISAが既知の悪用された脆弱性3件をカタログに追加 CISA Adds Three Known Exploited Vulnerabilities to Catalog #CISA (May 27) CVE-2026-8398 Daemon Tools Lite Embedded の悪意のあるコードの脆弱性 CVE-2026-45321 TanStackの特定されていない
@foxbook
28 May 2026
228 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
【サプライチェーン攻撃】米国サイバーセキュリティ・社会基盤安全保障庁(CISA)が既知の悪用された脆弱性カタログに3件の脆弱性を追加。Daemon Tools LiteのCVE-2026-8398、TanStackのCVE-2026-45321、Nx ConsoleのCVE-2026-48027
@__kokumoto
27 May 2026
1587 Impressions
2 Retweets
4 Likes
2 Bookmarks
1 Reply
0 Quotes
CVE-2026-8398 Daemon Tools Lite Embedded Malicious Code Vulnerability CVE-2026-45321 TanStack Unspecified Vulnerability CVE-2026-48027 Nx Console Embedded Malicious Code Vulnerability
@zerotalktoai
27 May 2026
86 Impressions
0 Retweets
2 Likes
0 Bookmarks
0 Replies
0 Quotes
🛡️ We added Daemon Tools Lite embedded malicious code vulnerability CVE-2026-8398, TanStack vulnerability CVE-2026-45321 & Nx Console vulnerability CVE-2026-48027 to our KEV Catalog. Visit https://t.co/myxOwap1Tf for more information. #Cybersecurity #InfoSec https://t.c
@CISACyber
27 May 2026
5842 Impressions
16 Retweets
47 Likes
5 Bookmarks
3 Replies
1 Quote
[
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:disc-soft:daemon_tools:12.5.1:*:*:*:lite:*:*:*",
"matchCriteriaId": "F291E275-397E-40E4-8ABD-292B16A8C90E",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
]