TrueConf Client Update Vulnerability Allows Unverified Code Exec
CVE-2026-3502 Published on March 30, 2026
TrueConf Client Update Integrity Verification Bypass
TrueConf Client downloads application update code and applies it without performing verification. An attacker who is able to influence the update delivery path can substitute a tampered update payload. If the payload is executed or installed by the updater, this may result in arbitrary code execution in the context of the updating process or user.
Known Exploited Vulnerability
This TrueConf Client Download of Code Without Integrity Check Vulnerability is part of CISA's list of Known Exploited Vulnerabilities. TrueConf Client contains a download of code without integrity check vulnerability. An attacker who is able to influence the update delivery path can substitute a tampered update payload. If the payload is executed or installed by the updater, this may result in arbitrary code execution in the context of the updating process or user.
The following remediation steps are recommended / required by April 16, 2026: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Vulnerability Analysis
Weakness Type
Download of Code Without Integrity Check
The product downloads source code or an executable from a remote location and executes the code without sufficiently verifying the origin and integrity of the code. An attacker can execute malicious code by compromising the host server, performing DNS spoofing, or modifying the code in transit.
Affected Versions
TrueConf Client Version TrueConf Client versions 8.1.0 through 8.5.2 is affected by CVE-2026-3502Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.