CVE-2026-3502

Summary

TrueConf Client downloads application update code and applies it without performing verification. An attacker who is able to influence the update delivery path can substitute a tampered update payload. If the payload is executed or installed by the updater, this may result in arbitrary code execution in the context of the updating process or user.

Affected Software

VendorProductVersion RangeStatus
TrueConfTrueConf ClientTrueConf Client versions 8.1.0 through 8.5.2affected

Weaknesses

  • CWE-494: CWE-494: Download of Code Without Integrity Check.

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: active
    • Automatable: no
    • Technical Impact: total

Additional References

References