ACCORDING to Known Exploited Vulnerabilities Catalog, the entry for TrueConf is CVE-2026-3502, described as a Client Download of Code Without Integrity Check Vulnerability. An attacker who can influence the update delivery path can substitute a tampered update payload, potentially leading to arbitrary code execution in the context of the updating process or user.
The entry notes the Date Added as 02 April 2026 and a Due Date of 16 April 2026, with guidance to apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable. Related notes point to vendor resources, including update and download pages, and a NIST CVE entry for the vulnerability. Known To Be Used in Ransomware Campaigns? Unknown.