CVE-2026-8398

Published: May 15, 2026

Modified: May 28, 2026

PUBLISHED

CVSS v3.1

9.8

CRITICAL

Description

A supply chain attack compromised the official installation packages of DAEMON Tools Lite (Windows versions 12.5.0.2421 through 12.5.0.2434), distributed from the legitimate website daemon-tools.cc between approximately April 8, 2026, and May 5, 2026. Attackers gained unauthorized access to the vendor's (AVB Disc Soft) build or distribution infrastructure and trojanized three binaries: DTHelper.exe, DiscSoftBusServiceLite.exe, and DTShellHlp.exe. These files were digitally signed with the legitimate AVB Disc Soft code-signing certificate, allowing the malicious installers to appear trustworthy and bypass signature-based detection.

Vendor	Product	Versions
AVB Disc Soft	DAEMON Tools Lite	affected `12.5.0.2421 - < 2.6.0.*`

Weaknesses (CWE)

CWE-506

CVSS v3.1 Details

CVSS v3.1 Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

References

DAEMON Tools software infected – supply chain attack ongoing since April 8, 2026

technical-description

third-party-advisory

Security Incident Affecting DAEMON Tools Lite: What We Know So Far

vendor-advisory

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2026-8398

Description

Affected Products

Weaknesses (CWE)

CVSS v3.1 Details

References