CVE-2026-8398

A supply chain attack compromised the official installation packages of DAEMON Tools Lite (Windows versions 12.5.0.2421 through 12.5.0.2434), distributed from the legitimate website daemon-tools.cc between approximately April 8, 2026, and May 5, 2026. Attackers gained unauthorized access to the vendor's (AVB Disc Soft) build or distribution infrastructure and trojanized three binaries: DTHelper.exe, DiscSoftBusServiceLite.exe, and DTShellHlp.exe. These files were digitally signed with the legitimate AVB Disc Soft code-signing certificate, allowing the malicious installers to appear trustworthy and bypass signature-based detection.

CVSS v3 9.8 CRITICAL

9.8^/10

CVSS v3 : CRITICAL

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://blog.daemon-tools.cc/post/security-incident	Vendor Advisory
https://securelist.com/tr/daemon-tools-backdoor/119654/	Exploit Third Party Advisory
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2026-8398	US Government Resource

Configurations

Configuration 1 (hide)

AND

cpe:2.3:a:disc-soft:daemon_tools:12.5.1:*:*:*:lite:*:*:*

cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*

History

28 May 2026, 12:57

Type	Values Removed	Values Added
CPE		cpe:2.3:o:microsoft:windows:-:::::::* cpe:2.3:a:disc-soft:daemon_tools:12.5.1::::lite:::
First Time		Microsoft Disc-soft daemon Tools Disc-soft Microsoft windows
References	~~() https://blog.daemon-tools.cc/post/security-incident -~~	() https://blog.daemon-tools.cc/post/security-incident - Vendor Advisory
References	~~() https://securelist.com/tr/daemon-tools-backdoor/119654/ -~~	() https://securelist.com/tr/daemon-tools-backdoor/119654/ - Exploit, Third Party Advisory
References	~~() https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2026-8398 -~~	() https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2026-8398 - US Government Resource

27 May 2026, 19:16

Type	Values Removed	Values Added
References		() https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2026-8398 -

15 May 2026, 09:16

Type	Values Removed	Values Added
New CVE

Information

Published : 2026-05-15 09:16

Updated : 2026-05-28 12:57

NVD link : CVE-2026-8398

Mitre link : CVE-2026-8398

CVE.ORG link : CVE-2026-8398

JSON object : View

Products Affected

microsoft

windows

disc-soft

daemon_tools

CWE

CWE-506

Embedded Malicious Code

9.8 /10