CVE-2026-3502 Payload — Exploit & Vulnerability Details HIGH

Parameter	Value
CVSS	7.8 (HIGH)
Type	CWE-494
Vendor	Payload
Public PoC	No

TrueConf Client downloads application update code and applies it without performing verification. An attacker who is able to influence the update delivery path can substitute a tampered update payload. If the payload is executed or installed by the updater, this may result in arbitrary code execution in the context of the updating process or user.

Attack Parameters

Attack Vector

Adjacent

Requires local network access

Attack Complexity

Low

Easy to exploit

Privileges Required

High

Admin privileges needed

User Interaction

Required

User action required

Impact Assessment

Confidentiality

High

Complete data leak

Integrity

High

Complete data modification

Availability

Low

Partial disruption

CVSS Vector v3.1

Weakness Type (CWE)

CWE-494

References 1

https://trueconf.com/blog/update/trueconf-8-5

cve@checkpoint.com

Share Post Share Share Share

Related Vulnerabilities

CVE-2026-4317

Payload

9.3

CVE-2026-31946

Payload

9.8

CVE-2026-30313

Payload

None

CVE-2026-25627

Payload

6.5

CVE-2026-30082

Payload

6.1

Menu

CVE-2026-3502

Attack Parameters

Impact Assessment

CVSS Vector v3.1

Weakness Type (CWE)

References 1

Related Vulnerabilities

CVE-2026-4317

CVE-2026-31946

CVE-2026-30313

CVE-2026-25627

CVE-2026-30082

CVE Details

Editor's Choice

Menu

CVE-2026-3502

Attack Parameters

Impact Assessment

CVSS Vector v3.1

Weakness Type (CWE)

References 1

Related Vulnerabilities

CVE-2026-4317

CVE-2026-31946

CVE-2026-30313

CVE-2026-25627

CVE-2026-30082

CVE Details

Editor's Choice

Stay informed on cybersecurity