Trueconf: >> Trueconf Security Vulnerabilities
CVE-2026-3502
TrueConf Client downloads application update code and applies it without performing verification. An attacker who is able to influence the update delivery path can substitute a tampered update payload. If the payload is executed or installed by the updater, this may result in arbitrary code execution in the context of the updating process or user.
Known exploited
CVSS Score
7.8
EPSS Score
0.015
Published
2026-03-30
TrueConf Client 8.5.2 is vulnerable to DLL hijacking via crafted wfapi.dll allowing local attackers to execute arbitrary code within the user's context.
CVSS Score
7.1
EPSS Score
0.0
Published
2025-12-30