HIGHCVE-2026-3502Published Modified CNA checkpoint
CVE-2026-3502: TrueConf Client Update Integrity Verification Bypass
TrueConf Client downloads application update code and applies it without performing verification. An attacker who is able to influence the update delivery path can substitute a tampered update payload. If the payload is executed or installed by the updater, this may result in arbitrary code execution in the context of the updating process or user.
Metrics
- CVSS v3.1
- 7.8
- Severity
- HIGH
- Fixed in
- —
- Affected Products
- 1
Affected packages
- TrueConf / TrueConf ClientTrueConf Client versions 8.1.0 through 8.5.2
CVSS Vector
CVSS:3.1/AV:A/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:LReferences