Vulnerability Details CVE-2026-3502
TrueConf Client downloads application update code and applies it without performing verification. An attacker who is able to influence the update delivery path can substitute a tampered update payload. If the payload is executed or installed by the updater, this may result in arbitrary code execution in the context of the updating process or user.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.012
EPSS Ranking 79.0%
CVSS Severity
CVSS v3 Score 7.8
Proposed Action
TrueConf Client contains a download of code without integrity check vulnerability. An attacker who is able to influence the update delivery path can substitute a tampered update payload. If the payload is executed or installed by the updater, this may result in arbitrary code execution in the context of the updating process or user.
Ransomware Campaign
Unknown
References