CVE-2026-3502

High KEV CVSS: 7.8

TrueConf Client downloads application update code and applies it without performing verification. An attacker who is able to influence the update delivery path can substitute a tampered update payload. If the payload is executed or installed by the updater, this may result in arbitrary code execution in the context of the updating process or user.

Vendor

Trueconf

Product

Trueconf

CWE

CWE-494

Yayın Tarihi

2026-03-30 19:16:27

Güncelleme

2026-04-03 11:40:57

Source Identifier

cve@checkpoint.com

KEV Date Added

2026-04-02

Kategoriler

CWE-494 Trueconf HIGH Trueconf 2026

Referanslar

https://trueconf.com/blog/update/trueconf-8-5 https://research.checkpoint.com/2026/operation-truechaos-0-day-exploitation-against-southeast-asian-government-targets/ https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2026-3502

Benzer Kayıtlar

Medium

CVE-2025-66823

An HTML Injection vulnerability in TrueConf server 5.5.2.10813 in the conference description field allows an attacker to…

High

CVE-2025-66824

A Stored Cross-Site Scripting (XSS) vulnerability exists in the Meeting location field of the Create/Edit Conference fun…

High

CVE-2025-66834

A CSV Formula Injection vulnerability in TrueConf Server v5.5.2.10813 allows a normal user to inject malicious spreadshe…

High

CVE-2025-66835

TrueConf Client 8.5.2 is vulnerable to DLL hijacking via crafted wfapi.dll allowing local attackers to execute arbitrary…