High severity7.8CISA KEVNVD Advisory· Published Mar 30, 2026· Updated Apr 3, 2026
CVE-2026-3502
CVE-2026-3502
Description
TrueConf Client downloads application update code and applies it without performing verification. An attacker who is able to influence the update delivery path can substitute a tampered update payload. If the payload is executed or installed by the updater, this may result in arbitrary code execution in the context of the updating process or user.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2Patches
Vulnerability mechanics
References
3- research.checkpoint.com/2026/operation-truechaos-0-day-exploitation-against-southeast-asian-government-targets/nvdThird Party Advisory
- trueconf.com/blog/update/trueconf-8-5nvdProductRelease Notes
- www.cisa.gov/known-exploited-vulnerabilities-catalognvdUS Government Resource
News mentions
2- 6th April – Threat Intelligence ReportCheck Point Research · Apr 6, 2026
- Operation TrueChaos: 0-Day Exploitation Against Southeast Asian Government TargetsCheck Point Research · Mar 31, 2026