CVE-2026-3502

CWE-4946 documents6 sources

7.8

CVSS

HIGH

EPSS1.5%(81th)

CISA KEV

CISA Required Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

CVSS:3.1/AV:A/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:LExploitability: 1.2 | Impact: 6.0

Affected Packages1 packages

▶NVDtrueconf/trueconf< 8.5.3.884

TrueConf Client downloads application update code and applies it without performing verification. An attacker who is able to influence the update delivery path can substitute a tampered update payload. If the payload is executed or installed by the updater, this may result in arbitrary code execution in the context of the updating process or user.

NVD ↗MITRE ↗

🔴Vulnerability Details

CVEList

TrueConf Client Update Integrity Verification Bypass↗2026-03-30

▶

VulnCheck

TrueConf Client Download of Code Without Integrity Check Vulnerability↗2026

▶

📋Vendor Advisories

CISA

TrueConf Client Download of Code Without Integrity Check Vulnerability↗2026-04-02

▶