CVE-2026-8398 is a critical supply chain vulnerability affecting DAEMON Tools Lite Windows versions 12.5.0.2421 through 12.5.0.2434. Attackers gained unauthorized access to AVB Disc Soft's build or distribution infrastructure and inserted malicious code into three binaries (DTHelper.exe, DiscSoftBusServiceLite.exe, DTShellHlp.exe). These trojanized binaries were digitally signed with the legitimate AVB Disc Soft code-signing certificate, allowing the malicious installers to bypass signature-based detection and appear trustworthy to users and security tools. The compromise occurred between April 8 and May 5, 2026, via the official vendor website. The vulnerability is classified under CWE-506 (Embedded Malicious Code). No official patch or remediation level has been disclosed as of the publication date.

This vulnerability enables attackers to distribute malicious code embedded within legitimate, signed installation packages of DAEMON Tools Lite, potentially leading to unauthorized code execution on affected systems without user interaction or elevated privileges. The use of a valid digital signature increases the likelihood of successful delivery and installation by bypassing signature-based security controls. The critical CVSS score (9.3) reflects the high impact and exploitability of this supply chain compromise. No known exploits in the wild have been reported so far.

Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Since the affected versions were distributed between April 8 and May 5, 2026, users should avoid installing or reinstalling these versions. Monitor the official AVB Disc Soft channels for updates or official patches. If possible, verify the integrity of installed binaries and consider reinstalling from a clean, verified source once a fix is available. No official remediation or temporary fix has been published to date.