CVE-2026-3502

HIGH

TrueConf Client downloads application update code and applies it without performing verification. An attacker who is able to influence the update delivery path can substitute a tampered update payload. If the payload is executed or installed by the updater, this may result in arbitrary code execution in the context of the updating process or user.

CVSS v3.1 Score

7.8

HIGH

CVSS:3.1/AV:A/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:L

Attack Vector

ADJACENT_NETWORK

Complexity

LOW

Privileges

HIGH

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality

HIGH

Integrity

HIGH

Availability

LOW

Published: 3/30/2026Modified: 4/3/2026

Related Intelligence (0)

No articles currently reference this CVE.

References (3)

https://trueconf.com/blog/update/trueconf-8-5ProductRelease Notes https://research.checkpoint.com/2026/operation-truechaos-0-day-exploitation-against-southeast-asian-government-targets/Third Party Advisory https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2026-3502US Government Resource