CVE-2026-3502 · HIGH 7.8 · CISA KEV · EPSS p92.1%

CVE-2026-3502: TrueConf Client Download of Code Without Integrity Check Vulnerability

TrueConf / Client

Description

TrueConf Client contains a download of code without integrity check vulnerability. An attacker who is able to influence the update delivery path can substitute a tampered update payload. If the payload is executed or installed by the updater, this may result in arbitrary code execution in the context of the updating process or user.

Scoring

CVSS 3.1: 7.8 (HIGH)
Vector: CVSS:3.1/AV:A/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:L
EPSS: 5.75% probability of exploitation · percentile 92.1% · 2026-06-19T12:03:05Z
Published: 2026-03-30
Last modified: 2026-04-03

CISA KEV entry

Added to KEV: 2026-04-02

Underlying weaknesses · 1

CWE-494

References

  1. https://trueconf.com/blog/update/trueconf-8-5
  2. https://research.checkpoint.com/2026/operation-truechaos-0-day-exploitation-against-southeast-asian-government-targets/
  3. https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2026-3502

1

| Type | Target | Confidence | Tier |
|---|---|---|---|
| Weakness | Download of Code Without Integrity Check (cwe-494) | 0% | live |

(incoming) · 1

| Type | Target | Confidence | Tier |
|---|---|---|---|
| KEVEntry | TrueConf Client Download of Code Without Integrity Check Vulnerability (kev-cve-2026-3502) | 0% | live |

Related by meaning · 6

Nearest entities by semantic similarity across the cs-graph corpus.

  1. CVE: CVE-2026-29201
  2. CVE: CVE-2025-1058
  3. CVE: CVE-2025-29902
  4. CVE: CVE-2025-25270
  5. CVE: CVE-2026-22908
  6. CVE: CVE-2025-23364

Sourced from NVD + CISA KEV + FIRST.org EPSS. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.