CVE-2026-3502

Published: Mar 30, 2026 Last Modified: Mar 30, 2026

ExploitDB:

Other exploit source:

Google Dorks:

HIGH 7,8

Source: [email protected]

Attack Vector: adjacent_network

Attack Complexity: low

Privileges Required: high

User Interaction: required

Scope: changed

Confidentiality: high

Integrity: high

Availability: low

Description

AI Translation Available

TrueConf Client downloads application update code and applies it without performing verification. An attacker who is able to influence the update delivery path can substitute a tampered update payload. If the payload is executed or installed by the updater, this may result in arbitrary code execution in the context of the updating process or user.

494

Download of Code Without Integrity Check

Draft

Abstraction: Base Structure: Simple

Common Consequences

Security Scopes Affected:

Integrity Availability Confidentiality Other

Potential Impacts:

Execute Unauthorized Code Or Commands Alter Execution Logic Other

Applicable Platforms

All platforms may be affected

Likelihood of Exploit: Medium

View CWE Details

https://trueconf.com/blog/update/trueconf-8-5

CVE-2026-3502

Description

Download of Code Without Integrity Check

Common Consequences

Applicable Platforms

Iscriviti alla newsletter