← Zuruck zu CVEs
CVE-2026-3502
HIGHCISA KEV7.8
Beschreibung
TrueConf Client downloads application update code and applies it without performing verification. An attacker who is able to influence the update delivery path can substitute a tampered update payload. If the payload is executed or installed by the updater, this may result in arbitrary code execution in the context of the updating process or user.
CVE Details
CVSS v3.1 Bewertung7.8
SchweregradHIGH
CVSS VektorCVSS:3.1/AV:A/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:L
AngriffsvektorADJACENT_NETWORK
KomplexitatLOW
Erforderliche PrivilegienHIGH
BenutzerinteraktionREQUIRED
Veroffentlicht3/30/2026
Zuletzt geandert4/3/2026
Quellenvd
Honeypot-Sichtungen0
CISA KEV
HerstellerTrueConf
ProduktClient
SchwachstellennameTrueConf Client Download of Code Without Integrity Check Vulnerability
KEV Aufnahmedatum2026-04-02
Behebungsfrist2026-04-16
Ransomware-NutzungUnknown
Betroffene Produkte
trueconf:trueconf
Schwachen (CWE)
CWE-494
Referenzen
https://trueconf.com/blog/update/trueconf-8-5(cve@checkpoint.com)
https://research.checkpoint.com/2026/operation-truechaos-0-day-exploitation-against-southeast-asian-government-targets/(134c704f-9b21-4f2e-91b3-4a467353bcc0)
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2026-3502(134c704f-9b21-4f2e-91b3-4a467353bcc0)
IOC Korrelationen
Keine Korrelationen erfasst
This product uses data from the NVD API but is not endorsed or certified by the NVD.