CVE-2026-3502
CWE-494Published: March 30, 2026· Updated: Apr 3, 2026
Official Description
TrueConf Client downloads application update code and applies it without performing verification. An attacker who is able to influence the update delivery path can substitute a tampered update payload. If the payload is executed or installed by the updater, this may result in arbitrary code execution in the context of the updating process or user.
Risk Analysis
This high-severity vulnerability in TrueConf Client allows for arbitrary code execution due to a lack of update verification. An attacker could substitute a malicious update, leading to system compromise. This is a critical concern as it is confirmed to be exploited in the wild.
This vulnerability is actively exploited in the wild. An attacker needs to be able to influence the update delivery path to substitute a tampered update payload.
Update TrueConf Client to a patched version as soon as one is available. Ensure that all software updates are downloaded from trusted sources and verified for integrity.
Technical Analysis
CVE-2026-3502 requires adjacent network access, limiting remote exploitation but still posing risk in shared or local network environments.
Exploitation requires high privileges, which limits the exposure to scenarios where an attacker has already gained initial access.
A successful exploit results in complete confidentiality breach (data exposure), full integrity compromise (data manipulation), with a CVSS base score of 7.8.
The vulnerability has a "Changed" scope, meaning successful exploitation can impact components beyond the vulnerable component itself — such as the host operating system or adjacent services.
CISA has added CVE-2026-3502 to the Known Exploited Vulnerabilities (KEV) catalog, confirming active exploitation in the wild. U.S. federal agencies are required to patch this within the mandated timeframe, and all organizations should treat remediation as urgent.
CVSS v3.1 Vector Breakdown
Affected Vendors & Products
Exploit & PoC Resources
Official Patches & Advisories
News & Research Mentioning CVE-2026-3502
CISA has added one new vulnerability to its Known Exploited Vulnerabilities (KEV) Catalog, based on evidence of active exploitation. CVE-2026-3502 TrueConf Client Download of Code Without Integrity Check Vulnerability This type of vulnerability is a frequent attack vector for malicious cyber actors and poses significant risks to the federal enterprise. Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities established the KEV Catalog as a living list of known Common Vulnerabilities and Exposures (CVEs) that carry significant risk to the federal enterprise. BOD 22-01 requires Federal Civilian Executive Branch (FCEB) agencies to remediate identified vulnerabilities by the due date to protect FCEB net [xlite_meta score:48 src:CISA Alerts xlite_fp:450fe439b9066ce9c996c7a7e4307e6c62cbb863ba5ed2a5efdb53dad6e1ecf6]
A high-severity security flaw in the TrueConf client video conferencing software has been exploited in the wild as a zero-day as part of a campaign targeting government entities in Southeast Asia dubbed TrueChaos. The vulnerability in question is CVE-2026-3502 (CVSS score: 7.8), a lack of integrity check when fetching application update code, allowing an attacker to distribute a tampered update, [xlite_meta score:56 src:The Hacker News xlite_fp:8ef25a81be66f64c34605d764436b2a4f185c47993b9dd228373c0b805e67045]
Key Points Introduction At the beginning of 2026, Check Point Research observed a series of targeted attacks against government entities in Southeast Asia carried out via a legitimate TrueConf software installed in the targets’ environment. The investigation led to the discovery of a zero-day vulnerability in the TrueConf client, tracked as CVE-2026-3502 with a CVSS score of 7.8. […] The post Operation TrueChaos: 0-Day Exploitation Against Southeast Asian Government Targets appeared first on Check Point Research. [xlite_meta score:44 src:Check Point Research xlite_fp:979772a1d68034cd6954254bd536cec397644dad4e23df9f9f33b99369a12f3c]
All References (3)
Quick Facts
Known Threat Actors
Related CVEs (CWE-494)
Recommended Actions
- →Apply vendor patches immediately
- →Monitor CVE-2026-3502 in threat intel feeds
- →Review IDS/IPS signatures for exploitation attempts
- !CISA KEV: Federal agencies must patch per BOD 22-01 timeline
- !Active exploitation confirmed — treat as P1