{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-3502", "assignerOrgId": "897c38be-0345-43cd-b6cf-fe179e0c4f45", "state": "PUBLISHED", "assignerShortName": "checkpoint", "dateReserved": "2026-03-03T21:18:35.221Z", "datePublished": "2026-03-30T18:05:42.806Z", "dateUpdated": "2026-04-03T03:55:23.638Z"}, "containers": {"cna": {"affected": [{"product": "TrueConf Client", "vendor": "TrueConf", "versions": [{"status": "affected", "version": "TrueConf Client versions 8.1.0 through 8.5.2"}]}], "title": "TrueConf Client Update Integrity Verification Bypass", "descriptions": [{"lang": "en", "value": "TrueConf Client downloads application update code and applies it without performing verification. An attacker who is able to influence the update delivery path can substitute a tampered update payload. If the payload is executed or installed by the updater, this may result in arbitrary code execution in the context of the updating process or user."}], "problemTypes": [{"descriptions": [{"cweId": "CWE-494", "description": "CWE-494: Download of Code Without Integrity Check.", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "897c38be-0345-43cd-b6cf-fe179e0c4f45", "shortName": "checkpoint", "dateUpdated": "2026-03-30T18:05:42.806Z"}, "references": [{"url": "https://trueconf.com/blog/update/trueconf-8-5"}], "metrics": [{"format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}], "cvssV3_1": {"version": "3.1", "attackVector": "ADJACENT_NETWORK", "attackComplexity": "LOW", "privilegesRequired": "HIGH", "userInteraction": "REQUIRED", "scope": "CHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "LOW", "baseScore": 7.8, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:L"}}]}, "adp": [{"references": [{"url": "https://research.checkpoint.com/2026/operation-truechaos-0-day-exploitation-against-southeast-asian-government-targets/", "tags": ["third-party-advisory"]}, {"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2026-3502", "tags": ["government-resource"]}], "metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-03-31T00:00:00+00:00", "options": [{"Exploitation": "active"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3", "id": "CVE-2026-3502"}}}, {"other": {"type": "kev", "content": {"dateAdded": "2026-04-02", "reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2026-3502"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-03T03:55:23.638Z"}, "timeline": [{"time": "2026-04-02T00:00:00.000Z", "lang": "en", "value": "CVE-2026-3502 added to CISA KEV"}]}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-3502", "role": "CISA Coordinator", "options": [{"Exploitation": "active"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2026-04-02T17:04:21.451016Z"}}}, {"other": {"type": "kev", "content": {"dateAdded": "2026-04-02", "reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2026-3502"}}}], "references": [{"url": "https://research.checkpoint.com/2026/operation-truechaos-0-day-exploitation-against-southeast-asian-government-targets/", "tags": ["third-party-advisory"]}, {"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2026-3502", "tags": ["government-resource"]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-31T14:28:12.261Z"}, "timeline": [{"lang": "en", "time": "2026-04-02T00:00:00.000Z", "value": "CVE-2026-3502 added to CISA KEV"}]}], "cna": {"title": "TrueConf Client Update Integrity Verification Bypass", "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "CHANGED", "version": "3.1", "baseScore": 7.8, "attackVector": "ADJACENT_NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:L", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "LOW", "privilegesRequired": "HIGH", "confidentialityImpact": "HIGH"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "TrueConf", "product": "TrueConf Client", "versions": [{"status": "affected", "version": "TrueConf Client versions 8.1.0 through 8.5.2"}]}], "references": [{"url": "https://trueconf.com/blog/update/trueconf-8-5"}], "descriptions": [{"lang": "en", "value": "TrueConf Client downloads application update code and applies it without performing verification. An attacker who is able to influence the update delivery path can substitute a tampered update payload. If the payload is executed or installed by the updater, this may result in arbitrary code execution in the context of the updating process or user."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-494", "description": "CWE-494: Download of Code Without Integrity Check."}]}], "providerMetadata": {"orgId": "897c38be-0345-43cd-b6cf-fe179e0c4f45", "shortName": "checkpoint", "dateUpdated": "2026-03-30T18:05:42.806Z"}}}, "cveMetadata": {"cveId": "CVE-2026-3502", "state": "PUBLISHED", "dateUpdated": "2026-04-03T03:55:23.638Z", "dateReserved": "2026-03-03T21:18:35.221Z", "assignerOrgId": "897c38be-0345-43cd-b6cf-fe179e0c4f45", "datePublished": "2026-03-30T18:05:42.806Z", "assignerShortName": "checkpoint"}, "dataVersion": "5.2"}

{"cisaActionDue": "2026-04-16", "cisaExploitAdd": "2026-04-02", "cisaRequiredAction": "Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.", "cisaVulnerabilityName": "TrueConf Client Download of Code Without Integrity Check Vulnerability", "configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:trueconf:trueconf:*:*:*:*:*:windows:*:*", "matchCriteriaId": "C61E9BE0-CED2-4518-933B-7538A4E8F890", "versionEndExcluding": "8.5.3.884", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "TrueConf Client downloads application update code and applies it without performing verification. An attacker who is able to influence the update delivery path can substitute a tampered update payload. If the payload is executed or installed by the updater, this may result in arbitrary code execution in the context of the updating process or user."}, {"lang": "es", "value": "TrueConf Client descarga c\u00f3digo de actualizaci\u00f3n de la aplicaci\u00f3n y lo aplica sin realizar verificaci\u00f3n. Un atacante que es capaz de influir en la ruta de entrega de la actualizaci\u00f3n puede sustituir una carga \u00fatil de actualizaci\u00f3n manipulada. Si la carga \u00fatil es ejecutada o instalada por el actualizador, esto puede resultar en ejecuci\u00f3n de c\u00f3digo arbitrario en el contexto del proceso de actualizaci\u00f3n o del usuario."}], "id": "CVE-2026-3502", "lastModified": "2026-04-03T11:40:57.390", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "LOW", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:L", "version": "3.1"}, "exploitabilityScore": 1.2, "impactScore": 6.0, "source": "cve@checkpoint.com", "type": "Secondary"}]}, "published": "2026-03-30T19:16:27.053", "references": [{"source": "cve@checkpoint.com", "tags": ["Product", "Release Notes"], "url": "https://trueconf.com/blog/update/trueconf-8-5"}, {"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "tags": ["Third Party Advisory"], "url": "https://research.checkpoint.com/2026/operation-truechaos-0-day-exploitation-against-southeast-asian-government-targets/"}, {"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "tags": ["US Government Resource"], "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2026-3502"}], "sourceIdentifier": "cve@checkpoint.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-494"}], "source": "cve@checkpoint.com", "type": "Secondary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "[8.1.0,8.5.2]"}}], "enrichment": {"confidence": 83.0, "confidence_source": "matching", "scores": [{"score": 83.0, "source": "matching"}]}, "original": {"product": "TrueConf Client", "source": "cna", "vendor": "TrueConf"}, "product": "trueconf", "vendor": "trueconf"}], "analysis": {"en": {"generated_at": "2026-04-03T13:21:17.403692+00:00", "value": {"mitigation_remediation": ["Apply the latest TrueConf Client update (version\u202f8.5 or later) that restores update integrity checks.", "If an update is not yet available, disable automatic update downloads or enforce a trusted update server until the patch is applied.", "Monitor the system for anomalous code execution or unexpected changes to the client executable."], "summary": {"action": "Immediate Patch", "impact": "Remote Code Execution"}, "threat_synthesis": {"affected_systems": "The vulnerability affects the TrueConf Client application. The CVE does not specify which build or version exhibits the flaw; however the references indicate that versions prior to the 8.5 update are vulnerable. Users running an affected instance should therefore treat all installations of TrueConf Client before the 8.5 release as at risk.", "description_and_impact": "In the TrueConf Client, the update mechanism does not verify the integrity of downloaded code before installation. An attacker who can direct the client to an alternative update server can supply a malicious payload. When the updater applies this payload, arbitrary code executes with the privileges of the updater or the current user, enabling full compromise of the affected machine.", "risk_and_exploitability": "The CVSS score of 7.8 reflects a high severity level. The EPSS probability under 1\u202f% suggests that while the flaw is serious, active exploitation remains rare. The entry is marked in CISA\u2019s KEV catalog, confirming that it has been targeted in the wild. Given the nature of the update path, the most likely attack vector is remote delivery of a forged update, requiring the victim to have the TrueConf Client running and fetching updates."}}}}, "created": "2026-03-30T20:55:16.791494+00:00", "updated": "2026-04-03T21:17:52.605800+00:00", "vendors": ["trueconf", "trueconf$PRODUCT$trueconf"]}