CVE-2026-8398

CRITICAL CISA KEV EPSS 70.2%
Published May 15, 20261mo ago · Modified Jun 17, 20262w ago
9.3 CVSS 4.0
Critical
Find Similar
Published May 15, 2026 1mo ago
Last Modified Jun 17, 2026 2w ago
KEV Listed May 27, 2026 1mo ago
KEV Due May 30, 2026 32d overdue

Description

A supply chain attack compromised the official installation packages of DAEMON Tools Lite (Windows versions 12.5.0.2421 through 12.5.0.2434), distributed from the legitimate website daemon-tools.cc between approximately April 8, 2026, and May 5, 2026. Attackers gained unauthorized access to the vendor's (AVB Disc Soft) build or distribution infrastructure and trojanized three binaries: DTHelper.exe, DiscSoftBusServiceLite.exe, and DTShellHlp.exe. These files were digitally signed with the legitimate AVB Disc Soft code-signing certificate, allowing the malicious installers to appear trustworthy and bypass signature-based detection.

CVSS Details

Base Score
9.3
Exploitability
Impact
Vector string
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector Network
Attack Complexity Low
Privileges Required None
User Interaction None
Scope X

Threat Intelligence

CISA Known Exploited Overdue 32d
Added
May 27, 2026
Due
May 30, 2026

Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

EPSS Exploit Probability
70.2% percentile
Exploit & Patch Status
Actively Exploited (KEV)
No Patch Available

Weaknesses 1

CWE-506

Affected Products 2

VendorProductVersionRange
disc-softdaemon_tools12.5.1any
microsoftwindows*any

References 3

  • blog.daemon-tools.cc https://blog.daemon-tools.cc/post/security-incident
    Vendor Advisory
  • securelist.com https://securelist.com/tr/daemon-tools-backdoor/119654/
    ExploitThird Party Advisory
  • cisa.gov https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2026-8398
    US Government Resource

Remediation

No remediation data recorded yet

Check vendor advisories and the NVD entry for patch availability.