CISA Flags Three Actively Exploited Vulnerabilities (CVE-2026-8398, CVE-2026-45321, CVE-2026-48027) – Immediate Remediation Required
What It Is — CISA added three CVEs to its Known Exploited Vulnerabilities (KEV) catalog, indicating they are being actively leveraged by threat actors. The vulnerabilities affect Daemon Tools Lite, TanStack UI libraries, and Nx Console, each embedding malicious code that can be executed on compromised systems.
Exploitability — Confirmed active exploitation in the wild; proof‑of‑concept activity has been observed. Official CVSS scores are pending, but inclusion in the KEV catalog signals a high‑severity risk (likely ≥8.0).
Affected Products — Daemon Tools Lite (disk‑image utility), TanStack libraries (e.g., React Query, TanStack Table), Nx Console (VS Code extension for Nx monorepos).
TPRM Impact — Organizations that depend on these third‑party development tools may inherit malicious code, creating a supply‑chain foothold that can compromise downstream applications, expose data, or disrupt services.
Recommended Actions —
- Inventory usage of Daemon Tools Lite, TanStack libraries, and Nx Console across all vendors and internal teams.
- Apply the latest patches or upgrade to versions that remediate CVE‑2026‑8398, CVE‑2026‑45321, and CVE‑2026‑48027 immediately.
- If patching is not feasible, deploy compensating controls such as network segmentation, application whitelisting, and enhanced endpoint monitoring.
- Incorporate these CVEs into your vulnerability‑management prioritization matrix in line with BOD 22‑01 guidance.
Source: CISA Advisory – May 27 2026