🟢 CVE-2026-3502

TrueConf Client fails to verify update integrity, allowing attackers who can intercept the update delivery path to inject malicious code. This requires network positioning and user-initiated update actions, making direct internet exploitation unlikely.

← Back to Overview
LOW_RISK
Risk Level
7.8
CVSS Score
ADJACENT_NETWORK
Attack Vector
Credential Access
ATT&CK Tactic
T1557 — Adversary-in-the-Middle
ATT&CK Technique
VERY_LOW
Deployment Risk
No
Ransomware

📋 Vulnerability Details

Data Source: CIRCL

Confidence: HIGH

Exploitation Method: OTHER

CVE Published: 2026-03-30

Added to CISA KEV: 2026-04-02 3 DAYS BETWEEN CVE AND KEV

🎯 Recommendations:

🔍 Web Intelligence (Kagi · 2026-06-04)

CVE-2026-3502 is a high-severity security vulnerability (CVSS score 7.8) affecting the TrueConf client application [1] [5].

Overview of CVE-2026-3502
FeatureDetails
Vulnerability TypeImproper verification of cryptographic signature/integrity check during software updates [3] [2]
ImpactArbitrary code execution on affected endpoints [2] [6]
StatusPatched by TrueConf [4]
Key Findings
  • Active Exploitation & Threat Actors: The vulnerability was actively exploited in the wild as a zero-day in a campaign dubbed "Operation TrueChaos" [1] [5].
  • Targeted Attacks: The campaign specifically targeted government entities in Southeast Asia for the purpose of cyber-espionage [1] [7]. There is no evidence suggesting it was used in widespread ransomware campaigns.
  • Attack Method: The flaw stems from the client's failure to verify the integrity of update payloads [3]. An attacker capable of influencing the update delivery path—such as by controlling an on-premises TrueConf server—can substitute legitimate updates with tampered, malicious payloads that are then automatically executed by the client [2] [8].
  • Exploit Availability: While technical details and analysis of the vulnerability have been published by security researchers (e.g., Check Point Research), there is no public information indicating the availability of a weaponized proof-of-concept (PoC) exploit tool for general use [1].
  • Mitigation: TrueConf has released a security patch to address this vulnerability [4]. Organizations using TrueConf are advised to ensure their client software is updated to the latest version to mitigate the risk of exploitation.

Sources

  1. Operation TrueChaos: 0-Day Exploitation Against Southeast Asian ...

    Check Point Research identified a zero-day vulnerability in the TrueConf client application, tracked as CVE-2026-3502, with a CVSS score of 7.8. ... Key Points Introduction At the beginning of 2026, Check Point Research observed a series of targeted attacks against government entities in Southeast A…

  2. CVE-2026-3502 - Exploits & Severity - Feedly

    Mar 30, 2026 at 2:31 PM Threat Intelligence Report CVE-2026-3502 is a critical zero-day vulnerability in the TrueConf client application, with a CVSS score of 7.8, that allows attackers controlling an on-premises TrueConf server to distribute and execute arbitrary files across connected endpoints by…

  3. CVE-2026-3502 - NVD

    Description. TrueConf Client downloads application update code and applies it without performing verification. An attacker who is able to ... CVE-2026-3502 Detail Description TrueConf Client downloads application update code and applies it without performing verification. An attacker who is able to…

  4. CVE-2026-3502 – TrueConf Client - Action1

    TrueConf has released a security patch for TrueConf Client addressing CVE-2026-3502, a high-severity vulnerability impacting the application's security ...

  5. TrueConf Zero-Day Exploited in Attacks on Southeast Asian Government ...

    A high-severity security flaw in the TrueConf client video conferencing software has been exploited in the wild as a zero-day as part of a campaign targeting government entities in Southeast Asia dubbed TrueChaos. The vulnerability in question is CVE-2026-3502 (CVSS score: 7.8), a lack of integrity…

  6. CVE-2026-3502 | TrueConf Client Vulnerability | UpGuard

    CVE-2026-3502 is a high-severity code execution flaw in TrueConf Client. Actively exploited, it allows attackers to substitute tampered update payloads.

  7. TrueConf zero-day vulnerability exploited to target government ...

    A zero-day vulnerability in the TrueConf client application was exploited to deliver malware through a compromised update process.

  8. TrueConf Client downloads application update code and... - GitHub

    An attacker who is able to influence the update delivery path can substitute a tampered update payload. If the payload is executed or installed ... GitHub is where people build software. More than 150 million people use GitHub to discover, fork, and contribute to over 420 million projects.

Generated by PatchNow Intelligence System

Analysis based on CIRCL.LU data, Claude AI assessment, and MITRE ATT&CK framework

📄 Download JSON Data | 📡 RSS Feed