← Voltar para CVEs
CVE-2026-3502
HIGHCISA KEV7.8
Descricao
TrueConf Client downloads application update code and applies it without performing verification. An attacker who is able to influence the update delivery path can substitute a tampered update payload. If the payload is executed or installed by the updater, this may result in arbitrary code execution in the context of the updating process or user.
Detalhes CVE
Pontuacao CVSS v3.17.8
SeveridadeHIGH
Vetor CVSSCVSS:3.1/AV:A/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:L
Vetor de ataqueADJACENT_NETWORK
ComplexidadeLOW
Privilegios necessariosHIGH
Interacao do usuarioREQUIRED
Publicado3/30/2026
Ultima modificacao4/3/2026
Fontenvd
Avistamentos honeypot0
CISA KEV
FornecedorTrueConf
ProdutoClient
Nome da vulnerabilidadeTrueConf Client Download of Code Without Integrity Check Vulnerability
Data inclusao KEV2026-04-02
Prazo de remediacao2026-04-16
Uso em ransomwareUnknown
Produtos afetados
trueconf:trueconf
Fraquezas (CWE)
CWE-494
Referencias
https://trueconf.com/blog/update/trueconf-8-5(cve@checkpoint.com)
https://research.checkpoint.com/2026/operation-truechaos-0-day-exploitation-against-southeast-asian-government-targets/(134c704f-9b21-4f2e-91b3-4a467353bcc0)
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2026-3502(134c704f-9b21-4f2e-91b3-4a467353bcc0)
Correlacoes IOC
Sem correlacoes registradas
This product uses data from the NVD API but is not endorsed or certified by the NVD.