Application Update Vulnerability in TrueConf Client by TrueConf
CVE-2026-3502

7.8HIGH

Key Information:

Vendor

Trueconf

Status
Trueconf Client
Vendor
CVE Published:
30 March 2026

Badges

馃搱 Score: 1,130馃挵 Ransomware馃懢 Exploit Exists馃煛 Public PoC馃 CISA Reported馃摪 News Worthy

What is CVE-2026-3502?

CVE-2026-3502 is a vulnerability affecting the TrueConf Client, which is a video conferencing and collaboration software used by organizations for virtual meetings and communication. This vulnerability stems from the application鈥檚 inability to verify the authenticity of the update code it downloads and applies during updates. Consequently, if an attacker can manipulate the update delivery process, they could introduce a malicious update payload. If this unauthorized code is executed, it could lead to arbitrary code execution within the context of the update process or user environment, compromising system integrity and exposing sensitive information. Given the critical nature of communication tools like TrueConf, this vulnerability can have severe consequences for organizations relying on secure and trustworthy updates to their software.

Potential impact of CVE-2026-3502

  1. Arbitrary Code Execution: The most serious consequence of this vulnerability is the potential for arbitrary code execution. If an attacker successfully substitutes a tampered update, they can run malicious code on a user's system, which might be used to install additional malware, access sensitive data, or pivot to other network resources.

  2. Data Breaches: The ability to execute unauthorized code can lead to significant data breaches. Sensitive information, including proprietary corporate data and personal identifiable information (PII), may be accessed or exfiltrated, leading to potential regulatory fines and damage to the organization鈥檚 reputation.

  3. System Compromise and Downtime: Successful exploitation can lead to systemic issues, including the complete compromise of affected machines or networks. This could result in costly downtime, impacting productivity and operational efficiency, as organizations would need to respond to the threat, mitigate damage, and restore services.

CISA has reported CVE-2026-3502

CISA provides regional cyber and physical services to support security and resilience across the United States. CISA monitor the most dangerious vulnerabilities and have identifed CVE-2026-3502 as being exploited but is not known by the CISA to be used in ransomware campaigns. This is subject to change at pace as recent news articles suggest the vulnerability is being used by ransomware groups.

The CISA's recommendation is: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

Affected Version(s)

TrueConf Client TrueConf Client versions 8.1.0 through 8.5.2

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.

CVE-2026-3502---TrueConf-Client-Update-Hijacking-PoC
Created by fevar54

News Articles

favicon imageCybersecuritynews

CISA Adds TrueConf Vulnerability to KEV Catalog Following Active Exploitation

CISA added TrueConf flaw to KEV amid active exploitation the flaw allows unverified code downloads due to missing integrity checks.

16 hours ago

favicon imageIt Security News

U.S. CISA adds a flaw in TrueConf Client to its Known Exploited Vulnerabilities catalog - IT Security News

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds a flaw in TrueConf Client to its Known Exploited Vulnerabilities catalog The U.S. Cybersecurity and Infrastructure Security Agency (CISA)聽added聽a flaw in TrueConf Client, tracked as CVE-2026-3502 (CVSS score of 7.8), to鈥ead more ...

2 days ago

favicon imageThe Hacker News

TrueConf Zero-Day Exploited in Attacks on Southeast Asian Government Networks

CVE-2026-3502 (CVSS 7.8) exploited in early 2026 via TrueConf updates, enabling Havoc malware deployment across government networks

4 days ago

References

https://trueconf.com/blog/update/trueconf-8-5

CVSS V3.1

Score:
7.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Adjacent Network
Attack Complexity:
Low
Privileges Required:
High
User Interaction:
Required
Scope:
Changed

Timeline

  • 馃煛

    Public PoC available

  • 馃挵

    Used in Ransomware

  • 馃懢

    Exploit known to exist

  • 馃

    CISA Reported

  • 馃摪

    First article discovered by The Hacker News

  • Vulnerability published

  • Vulnerability Reserved

.