CVE-2026-3502 — TrueConf Client: TrueConf Client Download of Code Without Integrity Check Vulnerability

April 02, 2026 15:00 /HIGH

CISA KEV vulnerabilitycvecisa-kevactively-exploited

CVE-2026-3502 — TrueConf Client: TrueConf Client Download of Code Without Integrity Check Vulnerability

Image via

CVE-2026-3502 — TrueConf Client contains a download of code without integrity check vulnerability. An attacker who is able to influence the update delivery path can substitute a tampered update payload. If the payload is executed or installed by the updater, this may result in arbitrary code executi

What This Means For You

CISA has confirmed active exploitation — immediate patching required.
Added to CISA KEV catalog — federal agencies must remediate by 2026-04-16.

Indicators of Compromise

ID	Type	Indicator
CVE-2026-3502	Code Injection	TrueConf Client: download of code without integrity check vulnerability. Attacker can substitute a tampered update payload, leading to arbitrary code execution in the context of the updating process or user.
CVE-2026-3502	Misconfiguration	TrueConf Client: vulnerability in update delivery path allowing substitution of tampered update payload.

🔎

Turn this CVE into SIEM detection coverage Generate detection rules for Splunk, Sentinel, QRadar & Elastic — straight from this vulnerability. Use /detect in the Intel Bot.

Open Intel Bot →

Source & Attribution

Source Platform	CISA
Channel	CISA KEV
Published	April 02, 2026 at 15:00 UTC

This content was curated and summarized by Shimi's Cyber World for informational purposes. It is not copied or republished in full. All intellectual property rights remain with the original author and source.

Believe this infringes your rights? Submit a takedown request.

What This Means For You

Indicators of Compromise

Related coverage

CVE-2026-20240 — Denial of Service

Splunk Enterprise, Cloud Vulnerability Exposes Session Cookies, Sensitive Data

CVE-2026-20238 — In Splunk AI Toolkit versions below 5.7.3, a low-privileged