Supply Chain Vulnerability in DAEMON Tools Lite by AVB Disc Soft
CVE-2026-8398

9.3CRITICAL

Key Information:

Vendor: Avb Disc Soft
Status: Daemon Tools Lite
Vendor: CVE Published:; 15 May 2026

🔔 Create Avb Disc Soft Vulnerability Alert

What is CVE-2026-8398?

A recent supply chain attack targeted DAEMON Tools Lite, impacting versions 12.5.0.2421 to 12.5.0.2434. During this attack, unauthorized parties infiltrated the build and distribution infrastructure of AVB Disc Soft, successfully trojanizing installation packages available on the official website between April 8, 2026, and May 5, 2026. The malicious binaries, including DTHelper.exe, DiscSoftBusServiceLite.exe, and DTShellHlp.exe, were digitally signed with AVB Disc Soft's legitimate code-signing certificate. This allowed the compromised installers to evade signature-based detection, posing significant risks to users who installed these versions.

Affected Version(s)

DAEMON Tools Lite Windows 12.5.0.2421 < 2.6.0.*

References

https://securelist.com/tr/daemon-tools-backdoor/119654/

technical-descriptionthird-party-advisory

https://blog.daemon-tools.cc/post/security-incident

vendor-advisory

CVSS V4

Score:

9.3

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

None

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 15, 2026
Vulnerability Reserved
May 12, 2026

Credit

Igor Kuznetsov (Kaspersky)

Georgy Kucherin (Kaspersky)

Leonid Bezvershenko (Kaspersky)

Anton Kargin (Kaspersky)

CVE-2026-8398 Data

JSON