| Reporter | Title | Published | Views | Family All 14 |
|---|---|---|---|---|
| CVE-2026-8398 | 15 May 202607:30 | – | attackerkb | |
| CVE-2026-8398 | 15 May 202610:00 | – | circl | |
| Daemon Tools Lite Embedded Malicious Code Vulnerability | 27 May 202600:00 | – | cisa_kev | |
| CISA Adds Three Known Exploited Vulnerabilities to Catalog | 27 May 202612:00 | – | cisa | |
| Disc Soft DAEMON Tools Lite 安全漏洞 | 15 May 202600:00 | – | cnnvd | |
| CVE-2026-8398 | 15 May 202607:30 | – | cve | |
| CVE-2026-8398 | 15 May 202607:30 | – | cvelist | |
| EUVD-2026-30514 | 15 May 202607:30 | – | euvd | |
| CVE-2026-8398 | 15 May 202609:16 | – | nvd | |
| PT-2026-41279 | 8 Apr 202600:00 | – | ptsecurity |
#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
##
include('compat.inc');
if (description)
{
script_id(323022);
script_version("1.2");
script_set_attribute(attribute:"plugin_modification_date", value:"2026/06/29");
script_cve_id("CVE-2026-8398");
script_xref(name:"CISA-KNOWN-EXPLOITED", value:"2026/05/30");
script_name(english:"Disc Soft DAEMON Tools Lite 12.5.0.2421 - 12.5.0.2434 Embedded Malicious Code (CVE-2026-8398)");
script_set_attribute(attribute:"synopsis", value:
"An application installed on the remote Windows host is affected by an embedded malicious code vulnerability.");
script_set_attribute(attribute:"description", value:
"The version of Disc Soft DAEMON Tools Lite installed on the remote Windows host is between 12.5.0.2421 and 12.5.0.2434
inclusive. It is, therefore, affected by an embedded malicious code vulnerability.
- A supply chain attack compromised the official installation packages of DAEMON Tools Lite, distributed from the
legitimate website daemon-tools.cc between approximately April 8, 2026, and May 5, 2026. Attackers gained
unauthorized access to the vendor's (AVB Disc Soft) build or distribution infrastructure and trojanized three
binaries: DTHelper.exe, DiscSoftBusServiceLite.exe, and DTShellHlp.exe. These files were digitally signed with the
legitimate AVB Disc Soft code-signing certificate, allowing the malicious installers to appear trustworthy and
bypass signature-based detection. (CVE-2026-8398)
Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version
number.");
script_set_attribute(attribute:"see_also", value:"https://blog.daemon-tools.cc/post/security-incident");
script_set_attribute(attribute:"see_also", value:"https://securelist.com/tr/daemon-tools-backdoor/119654/");
script_set_attribute(attribute:"see_also", value:"https://nvd.nist.gov/vuln/detail/CVE-2026-8398");
script_set_attribute(attribute:"solution", value:
"Reinstall DAEMON Tools Lite using a clean package (version 12.6.0.2445 or later) from the official vendor site.");
script_set_attribute(attribute:"agent", value:"windows");
script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
script_set_cvss_temporal_vector("CVSS2#E:F/RL:OF/RC:C");
script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
script_set_cvss3_temporal_vector("CVSS:3.0/E:F/RL:O/RC:C");
script_set_attribute(attribute:"cvss4_vector", value:"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N");
script_set_attribute(attribute:"cvss4_threat_vector", value:"CVSS:4.0/E:A");
script_set_attribute(attribute:"cvss_score_source", value:"CVE-2026-8398");
script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
script_set_attribute(attribute:"exploit_available", value:"true");
script_set_attribute(attribute:"vuln_publication_date", value:"2026/05/15");
script_set_attribute(attribute:"patch_publication_date", value:"2026/05/15");
script_set_attribute(attribute:"plugin_publication_date", value:"2026/06/26");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"cpe:/a:disc-soft:daemon_tools");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"Misc.");
script_copyright(english:"This script is Copyright (C) 2026 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_dependencies("disc_soft_daemon_tools_lite.nbin");
script_require_keys("installed_sw/Disc Soft DAEMON Tools Lite");
exit(0);
}
include('vdf.inc');
# @tvdl-content
var vuln_data = {
'metadata': {'spec_version': '1.0'},
'requires': [
{'scope': 'target', 'match': {'os': 'windows'}}
],
'checks': [
{
'product': {'name': 'Disc Soft DAEMON Tools Lite', 'type': 'app'},
'check_algorithm': 'default',
'constraints': [
{'min_version': '12.5.0.2421', 'max_version': '12.5.0.2434', 'fixed_version': '12.6.0.2445'}
]
}
]
};
var result = vdf::check_and_report(vuln_data:vuln_data, severity:SECURITY_HOLE);
vdf::handle_check_and_report_errors(vdf_result:result);
Data
Build on a solid foundation with Vulners data
We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data
Api
Power your application with Vulners API
The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access
App
Assess and manage vulnerabilities with Vulners tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation