CVE-2026-3502

HIGH 7.8

⚠️ CISA KEV

TrueConf Client Update Integrity Verification Bypass

CVSS Score

7.8

EPSS Score

0.0%

EPSS Percentile

1th

TrueConf Client downloads application update code and applies it without performing verification. An attacker who is able to influence the update delivery path can substitute a tampered update payload. If the payload is executed or installed by the updater, this may result in arbitrary code execution in the context of the updating process or user.

CWE	CWE-494
Vendor	trueconf
Product	trueconf client
Published	Mar 30, 2026
Last Updated	Apr 3, 2026

⚠️ Actively Exploited — Act Now

Get instant alerts for trueconf trueconf client

This vulnerability is actively exploited in the wild. Set up free real-time alerts so you're first to know about threats like CVE-2026-3502.

Get Free Alerts → Free · No credit card · 60 sec setup

CVSS v3 Breakdown

CVSS:3.1/AV:A/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:L

Attack Vector

Adjacent

Attack Complexity

Low

Privileges Required

High

User Interaction

Required

Scope

Changed

Confidentiality

High

Integrity

High

Availability

Low

Affected Versions

TrueConf / TrueConf Client

TrueConf Client versions 8.1.0 through 8.5.2

References

NVD ↗ CVE.org ↗ EPSS Data ↗

trueconf.com: https://trueconf.com/blog/update/trueconf-8-5 research.checkpoint.com: https://research.checkpoint.com/2026/operation-truechaos-0-day-exploitation-against-southeast-asian-government-targets/ cisa.gov: https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2026-3502