← Back to Vulnerability Reports CVE Intelligence

CVE-2026-3502

TrueConf ClientHIGH · CVSS 7.8 In the wild In CISA KEV

What is CVE-2026-3502?

TrueConf Client contains a download of code without integrity check vulnerability. An attacker who is able to influence the update delivery path can substitute a tampered update payload. If the payload is executed or installed by the updater, this may result in arbitrary code execution in the context of the updating process or user.

CVSS7.8 NVD 3.1
SeverityHIGH
Exploitation In the wild In CISA KEV
Triage statusActive Exploit
ActionPatch immediately
CVSS vectorCVSS:3.1/AV:A/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:L

CISA Known Exploited Vulnerability

TrueConf Client Download of Code Without Integrity Check Vulnerability

Added to KEV2026-04-02
Federal patch deadline2026-04-16
Known ransomware useUnknown

Affected product

TrueConf Client

References

Coverage on defend.network

🤖 This CVE page is generated by defend.network from NVD, CISA KEV, EPSS, and our verified daily briefings. Severity and exploitation data come from official sources; always verify remediation steps against the official vendor advisory before acting in production.

Get Critical CVE Alerts

Subscribe free and hear about actively exploited CVEs like this one first.