May 27, 2026 · Applied Cybernetics Group
CVE-2026-8398 — Daemon Daemon Tools Lite
Daemon Tools Lite Embedded Malicious Code Vulnerability
- Added to KEV
2026-05-27- Federal due date
2026-05-30- Vendor
- Daemon
- Product
- Daemon Tools Lite
- EPSS
- 94.6th percentile (score 0.144, as of
2026-06-08) - NVD CVSS v3.1
- 9.8 (CRITICAL)
- Ransomware use
- Unknown
- Upstream
- https://nvd.nist.gov/vuln/detail/CVE-2026-8398
CISA short description
Daemon Tools contains an unspecified vulnerability that has a high impact on confidentiality, integrity, and availability.
Required action
Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
NVD description
A supply chain attack compromised the official installation packages of DAEMON Tools Lite (Windows versions 12.5.0.2421 through 12.5.0.2434), distributed from the legitimate website daemon-tools.cc between approximately April 8, 2026, and May 5, 2026. Attackers gained unauthorized access to the vendor's (AVB Disc Soft) build or distribution infrastructure and trojanized three binaries: DTHelper.exe, DiscSoftBusServiceLite.exe, and DTShellHlp.exe. These files were digitally signed with the legitimate AVB Disc Soft code-signing certificate, allowing the malicious installers to appear trustworthy and bypass signature-based detection.