🟢 CVE-2026-8398

CVE-2026-8398 refers to a supply chain attack rather than a traditional software vulnerability exploitable via remote network vectors ^{[2] [1]}.

The following details summarize the nature of this incident:

• Nature of the Incident: The vulnerability involved the compromise of official installation packages for DAEMON Tools Lite (Windows versions 12.5.0.2421 through 12.5.0.2434) ^{[2] [1]}.
• Attack Vectors and Methods: Attackers gained unauthorized access to the vendor's (AVB Disc Soft) build or distribution infrastructure, allowing them to inject malicious code into three binaries distributed through the legitimate website `daemon-tools.cc` ^[1].
• Internet-Facing Applications/Services: This is not a vulnerability in an internet-facing service that can be exploited remotely by an attacker. Instead, it was a supply chain compromise where users were infected by downloading and installing trojanized software from the vendor's official distribution channel ^[1].
• Active Exploitation: The malicious packages were distributed between approximately April 8, 2026, and May 5, 2026 ^[1].
• Targeted Attacks: The incident is categorized as a supply chain attack, which typically aims to compromise a broad user base by poisoning legitimate software updates or installers.
• CISA Known Exploited Vulnerabilities (KEV) Status: As of May 27, 2026, there is no indication that this specific supply chain incident is listed in the CISA Known Exploited Vulnerabilities Catalog, which generally tracks vulnerabilities actively exploited in the wild against specific software or hardware products.