CVE-2026-3502: TrueConf Client Download of Code Without Integrity Check Vulnerability

TrueConf Client downloads application update code and applies it without performing verification. An attacker who is able to influence the update delivery path can substitute a tampered update payload. If the payload is executed or installed by the updater,...
CVE-2026-3502CVSS 7.8CISA KEVKnown Exploited

CVE-2026-3502: TrueConf Client Download of Code Without Integrity Check Vulnerability

TrueConf Client downloads application update code and applies it without performing verification. An attacker who is able to influence the update delivery path can substitute a tampered update payload. If the payload is executed or installed by the updater,...

CVSS
7.8 HIGH
EPSS
92.16%
Known exploited
yes
Product
Client

What is known

TrueConf Client downloads application update code and applies it without performing verification. An attacker who is able to influence the update delivery path can substitute a tampered update payload. If the payload is executed or installed by the updater, this may result in arbitrary code execution in the context of the updating process or user.

Sources