CVE-2026-3502HIGH · 7.8TrackedCISA KEV

TrueConf · Client

TrueConf Client contains a download of code without integrity check vulnerability. An attacker who is able to influence the update delivery path can substitute a tampered update payload. If the payload is executed or installed by the updater, this may result in arbitrary code execution in the context of the updating process or user.

Disclosed

2026-03-30

71 days ago

Status

no honeypot capture yet

on CISA KEV — watching

7-day events

across 0 distinct IPs

7-day spread

0 ASN · 0 cty

0 active days

Top ASNs

No events captured yet.

Top countries

No events captured yet.

References

https://trueconf.com/blog/update/trueconf-8-5
https://trueconf.com/downloads/windows.html
https://nvd.nist.gov/vuln/detail/CVE-2026-3502

↗ NVD ↗ CISA KEV ↗ Search analyses