CVE Catalog

CVE-2026-8398

Critical
Published: Translated: NVD NIST

Summary

A supply chain attack compromised the official installation packages of DAEMON Tools Lite in versions 12.5.0.2421 to 12.5.0.2434, distributed from the legitimate website daemon-tools.cc between April 8, 2026, and May 5, 2026. Attackers gained unauthorized access to the vendor's build or distribution infrastructure and trojanized three binaries.

Risk Assessment

The infected files were digitally signed with the AVB Disc Soft certificate, allowing them to bypass signature-based detection. This poses a serious risk to users who may install malicious software believing it to be trustworthy.

Recommendation

It is recommended to immediately check and remove installed versions of DAEMON Tools Lite and to download software only from official sources after confirming their integrity. Additionally, systems should be monitored for potential threats.

Original NVD description (English source)

A supply chain attack compromised the official installation packages of DAEMON Tools Lite (Windows versions 12.5.0.2421 through 12.5.0.2434), distributed from the legitimate website daemon-tools.cc between approximately April 8, 2026, and May 5, 2026. Attackers gained unauthorized access to the vendor's (AVB Disc Soft) build or distribution infrastructure and trojanized three binaries: DTHelper.exe, DiscSoftBusServiceLite.exe, and DTShellHlp.exe. These files were digitally signed with the legitimate AVB Disc Soft code-signing certificate, allowing the malicious installers to appear trustworthy and bypass signature-based detection.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS