Embedded malicious code (backdoor) in Daemon Tools - CVE-2026-8398
Published: May 6, 2026 / Updated: May 28, 2026
Vulnerability identifier: #VU130262
CSH Severity: Critical
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:A/U:Red
CVE-ID: CVE-2026-8398
CWE-ID: CWE-506
Exploitation vector: Remote access
Exploit availability:
The vulnerability is being exploited in the wild
Vendor: Disk Soft Ltd
Affected software:
Daemon Tools
Daemon Tools
Detailed vulnerability description
The vulnerability allows a remote attacker to gain unauthorized access to the system.
The vulnerability exists due to presence of embedded malicious functionality (aka backdoor) in the application's installer, downloaded from the official website. A remote attacker can compromise the affected system after installing the infected version of DAEMON Tools software.
Note, the vendor's website was distributing infected version since April 8, 2026.
How to mitigate CVE-2026-8398
Install updates from vendor's website.