HomeIntelligenceBrief
VULNERABILITY BRIEF🔴 Critical Vulnerability

CISA Flags Three Actively Exploited Vulnerabilities (CVE-2026-8398, CVE-2026-45321, CVE-2026-48027) – Immediate Remediation Required

CISA added three actively exploited CVEs to its Known Exploited Vulnerabilities catalog, affecting Daemon Tools Lite, TanStack libraries, and Nx Console. The vulnerabilities embed malicious code and pose a high‑severity supply‑chain risk for organizations that use these developer tools.

LiveThreat™ Intelligence · 📅 May 28, 2026· 📰 cisa.gov
🔴
Severity
Critical
VU
Type
Vulnerability
🎯
Confidence
High
🏢
Affected
2 sector(s)
Actions
4 recommended
📰
Source
cisa.gov

CISA Flags Three Actively Exploited Vulnerabilities (CVE-2026-8398, CVE-2026-45321, CVE-2026-48027) – Immediate Remediation Required

What It Is — CISA added three CVEs to its Known Exploited Vulnerabilities (KEV) catalog, indicating they are being actively leveraged by threat actors. The vulnerabilities affect Daemon Tools Lite, TanStack UI libraries, and Nx Console, each embedding malicious code that can be executed on compromised systems.

Exploitability — Confirmed active exploitation in the wild; proof‑of‑concept activity has been observed. Official CVSS scores are pending, but inclusion in the KEV catalog signals a high‑severity risk (likely ≥8.0).

Affected Products — Daemon Tools Lite (disk‑image utility), TanStack libraries (e.g., React Query, TanStack Table), Nx Console (VS Code extension for Nx monorepos).

TPRM Impact — Organizations that depend on these third‑party development tools may inherit malicious code, creating a supply‑chain foothold that can compromise downstream applications, expose data, or disrupt services.

Recommended Actions

  • Inventory usage of Daemon Tools Lite, TanStack libraries, and Nx Console across all vendors and internal teams.
  • Apply the latest patches or upgrade to versions that remediate CVE‑2026‑8398, CVE‑2026‑45321, and CVE‑2026‑48027 immediately.
  • If patching is not feasible, deploy compensating controls such as network segmentation, application whitelisting, and enhanced endpoint monitoring.
  • Incorporate these CVEs into your vulnerability‑management prioritization matrix in line with BOD 22‑01 guidance.

Source: CISA Advisory – May 27 2026

📰 Original Source
https://www.cisa.gov/news-events/alerts/2026/05/27/cisa-adds-three-known-exploited-vulnerabilities-catalog

This LiveThreat Intelligence Brief is an independent analysis. Read the original reporting at the link above.

From the Verisq platform · Trust Operations

Misconfigurations are control gaps in disguise.

Verisq AI Trust Operations turns findings like this into mapped controls with continuous evidence, keeping your audit readiness current instead of point-in-time.

Map your controls with Verisq AI Trust Operations →