CVE•Published 2026-05-15•Modified 2026-05-27•1 article on news•5 live references•NVD data

CVE-2026-8398

Vulnerability data via NVD (ingested)

CVSS v3.1

9.8

CRITICAL

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS percentile

—

Weaknesses (CWE)

CWE-506Embedded Malicious Code

Description

A supply chain attack compromised the official installation packages of DAEMON Tools Lite (Windows versions 12.5.0.2421 through 12.5.0.2434), distributed from the legitimate website daemon-tools.cc between approximately April 8, 2026, and May 5, 2026. Attackers gained unauthorized access to the vendor's (AVB Disc Soft) build or distribution infrastructure and trojanized three binaries: DTHelper.exe, DiscSoftBusServiceLite.exe, and DTShellHlp.exe. These files were digitally signed with the legitimate AVB Disc Soft code-signing certificate, allowing the malicious installers to appear trustworthy and bypass signature-based detection.

Timeline

Published 2026-05-15

Modified 2026-05-27

External references

NVD MITRE Exploit-DB Sploitus VulnCheck

Search for exposed instances

Shodan + Censys queries derived from NVD's CPE data. The vuln tag catches assets Shodan has explicitly linked to this CVE; the product / banner fingerprints find exposed instances even when the vuln tag was never applied (which is common).

Shodan · vuln tag0 hosts

vuln:CVE-2026-8398

Hosts Shodan has explicitly fingerprinted as vulnerable.

More intel sources (5)

Shodan report

vuln:CVE-2026-8398

Country / ASN / product breakdown for the vuln query.

Censys

vulnerabilities.cve_id: CVE-2026-8398

Censys host search filtered to this CVE id.

grep.app

CVE-2026-8398