CISA 2026-05-27

CISA Adds Three Known Exploited Vulnerabilities to Catalog

Machine-generated analysis · WAYSCloud LLM

The advisory adds two vulnerabilities involving embedded malicious code in developer tools, which may indicate supply chain compromise.

Context

Daemon Tools Lite and Nx Console are developer and system utilities that may be used in software development environments. The advisory states these products contain embedded malicious code, a rare detail in KEV entries. This suggests the compromise may stem from the software distribution itself rather than a traditional vulnerability. Worth noting is the inclusion of a vulnerability in TanStack, a modern web development framework, though no specifics are provided.

Operator considerations

Check: developer workstations and build environments for installed instances of Daemon Tools Lite, Nx Console, or TanStack tooling.

From Cybersecurity and Infrastructure Security Agency ↗

CISA has added three new vulnerabilities to its Known Exploited Vulnerabilities (KEV) Catalog, based on evidence of active exploitation.

CVE-2026-8398 Daemon Tools Lite Embedded Malicious Code Vulnerability

CVE-2026-45321 TanStack Unspecified Vulnerability

CVE-2026-48027 Nx Console Embedded Malicious Code Vulnerability

These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose significant risks to the federal enterprise.

Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities established the KEV Catalog as a living list of known Common Vulnerabilities and Exposures (CVEs) that carry significant risk to the federal enterprise. BOD 22-01 requires Federal Civilian Executive Branch (FCEB) agencies to remediate identified vulnerabilities by the due date to protect FCEB networks against active threa...

Read the full advisory on CISA →