Is there a public PoC exploit available for CVE-2026-8398?

Yes, a public proof-of-concept exploit is available for CVE-2026-8398. Prioritise patching immediately. EPSS: 0.0%.

DAEMON Tools Lite CVE-2026-8398

Q: What is the CVSS score of CVE-2026-8398?

CVE-2026-8398 has a CVSS 4.0 base score of 9.3 (Critical). CVSS vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X. EPSS exploitation probability: 0.0%.

Q: Which versions of DAEMON Tools Lite are affected by CVE-2026-8398?

DAEMON Tools Lite for Windows versions 12.5.0.2421-12.5.0.2434 distributed trojanized installers through the legitimate vendor website between April 8-May 5, 2026, delivering arbitrary code execution…. A patch is available.

EUVD-2026-30514 CRITICAL

Embedded Malicious Code (CWE-506)

2026-05-15 Kaspersky

GHSA-rm3r-35x9-jv93

Authentication Bypass Microsoft

9.3

CVSS 4.0

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Lifecycle Timeline

Added to CISA KEV

May 27, 2026 - 19:46 CISA

Patch available

May 15, 2026 - 10:16 EUVD

Analysis Generated

May 15, 2026 - 09:30 vuln.today

CVSS changed

May 15, 2026 - 09:22 NVD

9.8 (CRITICAL) 9.3 (CRITICAL)

CVE Published

May 15, 2026 - 07:30 nvd

CRITICAL 9.3

DescriptionNVD

A supply chain attack compromised the official installation packages of DAEMON Tools Lite (Windows versions 12.5.0.2421 through 12.5.0.2434), distributed from the legitimate website daemon-tools.cc between approximately April 8, 2026, and May 5, 2026. Attackers gained unauthorized access to the vendor's (AVB Disc Soft) build or distribution infrastructure and trojanized three binaries: DTHelper.exe, DiscSoftBusServiceLite.exe, and DTShellHlp.exe. These files were digitally signed with the legitimate AVB Disc Soft code-signing certificate, allowing the malicious installers to appear trustworthy and bypass signature-based detection.

AnalysisAI

Supply chain compromise of DAEMON Tools Lite for Windows delivered trojanized installers through the legitimate vendor website daemon-tools.cc from April 8 to May 5, 2026. Attackers compromised AVB Disc Soft's build infrastructure and injected malicious code into three binaries (DTHelper.exe, DiscSoftBusServiceLite.exe, DTShellHlp.exe), all signed with the vendor's legitimate code-signing certificate. …

RemediationAI

Within 24 hours: Identify all endpoints with DAEMON Tools Lite installed; cross-reference against version history to confirm presence of 12.5.0.2421-12.5.0.2434; isolate affected systems from production networks and disable auto-update on remaining DAEMON Tools Lite instances. Within 7 days: Perform forensic analysis on all affected systems for indicators of malware persistence, lateral movement, and credential theft; assume breach and initiate threat hunting for abnormal process execution, network connections, and privilege escalation attempts; notify threat intelligence and incident response teams. …

Analysis

Detailed AI-generated intelligence summary covering attack vector, impact assessment, affected versions, remediation steps, and indicators of compromise.

POChttps://••••••••••.com/exploit

PATCHhttps://••••••••••.com/patch

ADVISORYhttps://••••••••••.com/advisory