CVE-2026-3502

Published: Mar 30, 2026Modified: Apr 3, 2026CISA KEV

7.8

Vector

CVSS:3.1/AV:A/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:L

Exploitability: 1.2 / Impact: 6.0

Source: cve@checkpoint.com (Secondary)

Description

TrueConf Client downloads application update code and applies it without performing verification. An attacker who is able to influence the update delivery path can substitute a tampered update payload. If the payload is executed or installed by the updater, this may result in arbitrary code execution in the context of the updating process or user.

Affected (1)

Products: Trueconf: Trueconf

1 product

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Trueconf Trueconf	Before 8.5.3.884

Related CWEs

Download of Code Without Integrity Check

The product downloads source code or an executable from a remote location and executes the code without sufficiently verifying the origin and integrity of the code.

References (3)

https://trueconf.com/blog/update/trueconf-8-5

Source: cve@checkpoint.com

ProductRelease Notes

https://research.checkpoint.com/2026/operation-truechaos-0-day-exploitation-against-southeast-asian-government-targets/

Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0

Third Party Advisory

https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2026-3502

Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0

US Government Resource

Timeline

No history available yet.