anonhaven
Ad

CVE-2026-3502

HIGH CVSS 3.1: 7.8 EPSS 2.42%
Updated Apr 03, 2026
Payload
Parameter Value
CVSS 7.8 (HIGH)
Affected Versions before 8.5.3.884
Fixed In 8.5.3.884
Type CWE-494
Vendor Payload
Public PoC Yes

TrueConf Client downloads application update code and applies it without performing verification. An attacker who is able to influence the update delivery path can substitute a tampered update payload. If the payload is executed or installed by the updater, this may result in arbitrary code execution in the context of the updating process or user.

Attack Parameters

Attack Vector
Adjacent
Requires local network access
Attack Complexity
Low
Easy to exploit
Privileges Required
High
Admin privileges needed
User Interaction
Required
User action required

Impact Assessment

Confidentiality
High
Complete data leak
Integrity
High
Complete data modification
Availability
Low
Partial disruption

CVSS Vector v3.1

Weakness Type (CWE)

CWE-494

Vulnerable Products 1

Configuration From (including) Up to (excluding)
Trueconf Trueconf
cpe:2.3:a:trueconf:trueconf:*:*:*:*:*:windows:*:*
 8.5.3.884

References 3

https://trueconf.com/blog/update/trueconf-8-5
cve@checkpoint.com
https://research.checkpoint.com/2026/operation-truechaos-0-day-exploitation-aga…
134c704f-9b21-4f2e-91b3-4a467353bcc0
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2026…
134c704f-9b21-4f2e-91b3-4a467353bcc0
Share Post Share Share Share

Related Vulnerabilities

CVE-2026-40922

Payload

5.3

CVE-2026-35469

Payload

8.7

CVE-2026-40901

Payload

7.5

CVE-2024-8010

Payload

3.5

CVE-2025-40899

Payload

7.1