CVE-2026-3502

HIGH KEV

TrueConf Client Update Integrity Verification Bypass

Title source: cna

Exploitation Summary

CVE-2026-3502 is actively exploited and is listed in the CISA Known Exploited Vulnerabilities (KEV) catalog (added April 2, 2026). EIP tracks three public repositories from researchers adminlove520 and fevar54; all three are classified below as scanners (version and IOC checks) rather than working exploit code.

AI-analyzed exploit summary

The repository contains a vulnerability checker for CVE-2026-3502, which detects whether a TrueConf server or client is vulnerable to update hijacking. It includes checks for server endpoints, client versions, and indicators of compromise (IOCs).

Description

TrueConf Client downloads application update code and applies it without verifying the payload's integrity or authenticity (CWE-494, Download of Code Without Integrity Check). An attacker who can influence the update delivery path can substitute a tampered update payload. If the updater executes or installs that payload, this may result in arbitrary code execution in the context of the updating process or user.
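The two updater shapes the description contrasts, as an added example (this is not TrueConf's code and says nothing about how the vendor fixed the issue): `vulnerable_apply` installs whatever the delivery path returned, while `hardened_apply` refuses any payload whose SHA-256 does not match a digest the client obtained independently of the download. The payload bytes, the pinned digest and the `download_update` stand-in are all constructed for the demonstration.

```python
# Added example, not TrueConf's code: the CWE-494 pattern named in the description
# (download, then apply with no integrity check) beside a minimal hardened form
# that pins the expected SHA-256 of the update. Every value here is constructed.
import hashlib
import hmac


# Constructed: what the vendor published, and what an on-path attacker swaps in.
GENUINE_UPDATE = b"installer: trueconf-client-8.5.3.884"
TAMPERED_UPDATE = b"installer: attacker-controlled payload"

# Constructed: a digest the client must obtain independently of the update
# download itself (shipped with the client, or in a vendor-signed manifest).
# If the attacker can rewrite this value too, the check buys nothing.
PINNED_SHA256 = hashlib.sha256(GENUINE_UPDATE).hexdigest()


class UpdateRejected(Exception):
    """Raised when a payload fails the integrity check."""


def download_update(network_returns: bytes) -> bytes:
    """Stand-in for the HTTP fetch: returns whatever the delivery path served."""
    return network_returns


def vulnerable_apply(payload: bytes) -> str:
    """Applies the payload as received. Returns the 'installer' string that would
    run, so the caller can see a substituted payload is executed as-is."""
    return payload.decode()


def hardened_apply(payload: bytes, expected_sha256: str) -> str:
    """Refuses any payload whose digest differs from the pinned one.
    hmac.compare_digest keeps the comparison constant-time."""
    actual = hashlib.sha256(payload).hexdigest()
    if not hmac.compare_digest(actual, expected_sha256):
        raise UpdateRejected(
            f"digest mismatch: got {actual[:16]}..., expected {expected_sha256[:16]}..."
        )
    return payload.decode()


def run_scenario(attacker_on_path: bool) -> dict:
    """Exercise both updaters against the same delivery path and report what
    each one ends up installing ('rejected' when the hardened path refuses)."""
    served = TAMPERED_UPDATE if attacker_on_path else GENUINE_UPDATE
    payload = download_update(served)
    result = {"vulnerable": vulnerable_apply(payload)}
    try:
        result["hardened"] = hardened_apply(payload, PINNED_SHA256)
    except UpdateRejected:
        result["hardened"] = "rejected"
    return result


if __name__ == "__main__":
    for on_path in (False, True):
        print(f"attacker on path={on_path}: {run_scenario(on_path)}")
```

A pinned digest is the minimum that turns this from CWE-494 into a checked download; a production updater verifies a vendor signature over the update manifest with a public key that ships inside the client, so that the trusted value cannot be served from the same path the attacker controls.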

Exploits (3)

github SCANNER 3 stars
by adminlove520 · pythonpoc
https://github.com/adminlove520/CVE-Poc_All_in_One/tree/main/2026/CVE-2026-3502

The repository contains a vulnerability checker for CVE-2026-3502, which detects whether a TrueConf server or client is vulnerable to update hijacking. It includes checks for server endpoints, client versions, and indicators of compromise (IOCs).

Classification
Scanner 90%
Attack Type
Rce
Complexity
Moderate
Reliability
Reliable
Target: TrueConf Client (Windows) versions <= 8.5.3.884
No auth needed
Prerequisites: Access to TrueConf server update endpoint · Local access to check client version or IOCs
devstral-2 · analyzed May 02, 2026
nomisec SCANNER
by fevar54 · poc
https://github.com/fevar54/CVE-2026-3502-Scanner---TrueConf-Vulnerability-Detection-Tool

This repository contains a Python-based vulnerability detection tool for CVE-2026-3502, targeting TrueConf software. It includes modules for scanning local client installations, checking versions, and detecting indicators of compromise (IOCs) associated with the TrueChaos operation.

Classification
Scanner 95%
Attack Type
Info Leak
Complexity
Moderate
Reliability
Reliable
Target: TrueConf (Windows client ≤8.5.3.884)
No auth needed
Prerequisites: Local access to Windows system · TrueConf client installation
devstral-2 · analyzed Apr 08, 2026
nomisec SCANNER
by fevar54 · poc
https://github.com/fevar54/CVE-2026-3502---TrueConf-Client-Update-Hijacking-PoC

The repository contains a Python-based vulnerability checker for CVE-2026-3502, which targets TrueConf Client's update mechanism. It includes detection logic for vulnerable servers and clients, as well as indicators of compromise (IOCs) but does not include functional exploit code.

Classification
Scanner 95%
Attack Type
Other
Complexity
Moderate
Reliability
Reliable
Target: TrueConf Client (versions <= 8.5.3.884)
No auth needed
Prerequisites: Access to TrueConf server or client installation
devstral-2 · analyzed Apr 08, 2026
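The version check that all three scanners above describe, as an added example (not code from either repository): it compares a reported client version against the fixed-version bound numerically, component by component, and shows why a plain string comparison gets it wrong. The bound used is the `< 8.5.3.884` from this page's Products list; the per-repository analyses state `<= 8.5.3.884`, so the bound is a parameter. The inventory rows are constructed, and obtaining the version string from a real host (registry or file properties) is outside the snippet.

```python
# Added example, not code from either scanner repository above: decide whether an
# installed TrueConf client version falls under the fixed-version bound listed on
# this page. Inventory rows are constructed; reading the version string from a
# real host (registry, file properties) is outside this snippet.
from typing import Dict, List, Tuple

# Bound from this page's Products list ("trueconf/trueconf < 8.5.3.884"). The
# per-repository analyses above say "<= 8.5.3.884"; pass `fixed` explicitly and
# settle the boundary yourself if a host sits exactly on it.
FIXED_VERSION = "8.5.3.884"


def parse_version(v: str, width: int = 4) -> Tuple[int, ...]:
    """'8.5.2' -> (8, 5, 2, 0): pad so three- and four-part strings compare."""
    parts = tuple(int(p) for p in v.strip().split("."))
    if len(parts) > width:
        raise ValueError(f"too many components: {v}")
    return parts + (0,) * (width - len(parts))


def is_vulnerable(installed: str, fixed: str = FIXED_VERSION) -> bool:
    """True when installed < fixed, compared numerically per component."""
    return parse_version(installed) < parse_version(fixed)


def naive_string_compare(installed: str, fixed: str = FIXED_VERSION) -> bool:
    """The wrong way, kept for contrast: lexicographic comparison claims
    '8.5.3.1000' is older than '8.5.3.884' because '1' sorts before '8'."""
    return installed < fixed


# Constructed inventory: hostname -> version string reported by the client.
INVENTORY: Dict[str, str] = {
    "ws-01": "8.5.2",        # inside the CNA range "8.1.0 through 8.5.2"
    "ws-02": "8.5.3.884",    # exactly the fixed build
    "ws-03": "8.5.3.1000",   # hypothetical later build, constructed
    "ws-04": "8.1.0",        # lower end of the CNA range
}


def vulnerable_hosts(inventory: Dict[str, str] = INVENTORY,
                     fixed: str = FIXED_VERSION) -> List[str]:
    """Hostnames whose reported version is below the fixed bound."""
    return sorted(h for h, v in inventory.items() if is_vulnerable(v, fixed))


if __name__ == "__main__":
    print("vulnerable:", vulnerable_hosts())
    print("naive string check on 8.5.3.1000:", naive_string_compare("8.5.3.1000"))
```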

Scores

CVSS v3.1 base score 7.8 (High)
EPSS 0.0274 (2.74%)
EPSS Percentile 86.4%
Attack Vector ADJACENT_NETWORK
CVSS:3.1/AV:A/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:L

CISA SSVC

Vulnrichment
Exploitation active
Automatable no
Technical Impact total

Details

CISA KEV 2026-04-02
VulnCheck KEV 2026-03-31
ENISA EUVD EUVD-2026-17162
CWE
CWE-494
Status published
Products (2)
trueconf/trueconf < 8.5.3.884
TrueConf/TrueConf Client TrueConf Client versions 8.1.0 through 8.5.2
Published Mar 30, 2026
KEV Added Apr 02, 2026
Tracked Since Mar 31, 2026