Vulnerability intelligence

CVE-2026-8398

Daemon Tools Lite Embedded Malicious Code Vulnerability

A supply chain attack compromised the official installation packages of DAEMON Tools Lite (Windows versions 12.5.0.2421 through 12.5.0.2434), distributed from the legitimate website daemon-tools.cc between approximately April 8, 2026, and May 5, Attackers gained unauthorized access to the vendor's (AVB Disc Soft) build or distribution infrastructure and trojanized three binaries: DTHelper.exe, DiscSoftBusServiceLite.exe, and DTShellHlp.exe. These files were digitally signed with the legitimate AVB Disc Soft code-signing certificate, allowing the malicious installers to appear trustworthy and bypass signature-based detection.

CVSS Score

9.8

Critical

EPSS — Exploit Probability

14%

Riskier than 95% of all CVEs

Exploitation

Confirmed in the wild

Used in ransomware campaigns

Remediation

Patch available

Federal deadline 2026-05-30

CISA required action

Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable. Deadline for federal agencies: 2026-05-30.

NVD entry Vendor patch PoC / advisory CISA KEV

7 articles across 4 outlets · first covered May 27, 2026 · latest May 28, 2026

Coverage timeline

CISA warns of Daemon Tools, TanStack and Nx Console flaws
securityaffairs.com · May 28, 2026
Showboat malware leverages critical CVEs to spy on telecoms
securityonline.info · May 28, 2026
FortiClient EMS flaw used to drop EKZ Infostealer via fake updates
securityonline.info · May 28, 2026
Active exploits found today hide malicious code in popular tools
securityonline.info · May 28, 2026
Motorola Fixes Amazon App Redirect Bug After Smart Feed Abuse
securityonline.info · May 28, 2026
CISA urges action on Daemon Tools Lite CVE-2026-8398 vulnerability
www.cisa.gov · May 28, 2026
Critical CVE‑2026‑8398 Flaw Hits Daemon Tools Lite, Exploited
cisa.gov · May 27, 2026