CVE-2026-3502TrueConf Client Download of Code Without Integrity Check Vulnerability

PUBLISHEDvulnerability record
2026-04-02 · last modified April 7, 2026

Metadata

CVE ID:
CVE-2026-3502
项目:
TrueConf
产品:
Client
添加日期:
2026-04-02
到期日:
2026-04-16
最后更新:
April 7, 2026

漏洞名称

TrueConf Client Download of Code Without Integrity Check Vulnerability

描述

TrueConf Client contains a download of code without integrity check vulnerability. An attacker who is able to influence the update delivery path can substitute a tampered update payload. If the payload is executed or installed by the updater, this may result in arbitrary code execution in the context of the updating process or user.

已知用于勒索软件活动吗?

勒索软件状态:
Unknown

采集行动

Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

其他说明

相关 CWE