TrueConf Client Update Integrity Verification Bypass_CVE-2026-3502

7.8 / 10

HIGH

CVSS:3.1/AV:A/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:L

Description

TrueConf Client downloads application update code and applies it without performing verification. An attacker who is able to influence the update delivery path can substitute a tampered update payload. If the payload is executed or installed by the updater, this may result in arbitrary code execution in the context of the updating process or user.

Basic Information

ID CVE-2026-3502

Source checkpoint

Published Mar 30, 2026 at 18:05

Modified Apr 3, 2026 at 03:55

Affected Product

Vendor TrueConf

Product TrueConf Client

Version TrueConf Client versions 8.1.0 through 8.5.2

Affected Versions TrueConf TrueConf Client TrueConf Client versions 8.1.0 through 8.5.2

CWE Classification

CWE-494

References

trueconf.com /blog/update/trueconf-8-5

{
    "lastseen": "",
    "description": "TrueConf Client downloads application update code and applies it without performing verification. An attacker who is able to influence the update delivery path can substitute a tampered update payload. If the payload is executed or installed by the updater, this may result in arbitrary code execution in the context of the updating process or user.",
    "published": "2026-03-30T18:05:42.806Z",
    "modified": "2026-04-03T03:55:23.638Z",
    "type": "cve",
    "title": "TrueConf Client Update Integrity Verification Bypass",
    "source": "checkpoint",
    "references": "https://trueconf.com/blog/update/trueconf-8-5",
    "id": "CVE-2026-3502",
    "bulletinFamily": "",
    "cwe": [
        "CWE-494"
    ],
    "cvelist": null,
    "sourceData": "TrueConf TrueConf Client TrueConf Client versions 8.1.0 through 8.5.2",
    "sourceHref": "",
    "cvss": {
        "score": 7.8,
        "severity": "HIGH",
        "vector": "CVSS:3.1/AV:A/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:L",
        "version": "3.1"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "TrueConf Client",
    "version": "TrueConf Client versions 8.1.0 through 8.5.2",
    "vendor": "TrueConf",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}