Zero-Day Security Alert — April 3, 2026: TrueConf Client Update Integrity Bypass Actively Exploited
- Jacob Hughes
- Apr 3
Daily Security Briefing
April 3, 2026
CVE-2026-3502 | CVSS 7.8 | HIGH Severity | Actively Exploited (CISA KEV)
Affected Product
TrueConf Client for Windows, all versions prior to 8.5.3.884
Description
TrueConf Client downloads application update code and applies it without performing integrity verification. An attacker who is able to influence the update delivery path can substitute a tampered update payload. If the malicious payload is executed or installed by the updater, this results in arbitrary code execution in the context of the updating process or user. Check Point Research has documented active exploitation of this vulnerability in Operation TrueChaos, a campaign targeting Southeast Asian government entities.
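An added example, not TrueConf's code or part of the original briefing, showing the missing check in general form: an updater that installs whatever it downloaded, next to one that verifies a pinned SHA-256 digest and fails closed. The payload bytes, function names and the `install` callback are constructed for illustration, and the pinned digest is assumed to arrive over a channel the network attacker cannot alter, such as a vendor-signed manifest.

```python
import hashlib
import hmac

# Constructed sample data: stand-ins for a genuine update and a substituted one.
GENUINE = b"constructed-installer-bytes-for-fixed-build"
TAMPERED = b"constructed-installer-bytes-swapped-in-transit"
# Assumption: this digest reached the client over a channel the network
# attacker cannot alter (for example a vendor-signed manifest).
PINNED_SHA256 = hashlib.sha256(GENUINE).hexdigest()


class UpdateRejected(Exception):
    """Raised when a downloaded update fails integrity verification."""


def apply_unverified(payload, install):
    # Flawed pattern from the description: the bytes that arrived over the
    # network go straight to the installer.
    install(payload)


def apply_verified(payload, pinned_sha256, install):
    # Hash the exact bytes that will be installed, so nothing can be swapped
    # between the check and the install step.
    actual = hashlib.sha256(payload).hexdigest()
    # Fail closed: any mismatch stops the update before install() runs.
    if not hmac.compare_digest(actual, pinned_sha256.strip().lower()):
        raise UpdateRejected("update digest mismatch, refusing to install")
    install(payload)


def simulate(payload):
    """Return (installed_without_check, installed_with_check) for a payload."""
    unchecked, checked = [], []
    apply_unverified(payload, unchecked.append)
    try:
        apply_verified(payload, PINNED_SHA256, checked.append)
    except UpdateRejected:
        pass
    return bool(unchecked), bool(checked)


if __name__ == "__main__":
    print("genuine :", simulate(GENUINE))
    print("tampered:", simulate(TAMPERED))
```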
Attack Vector
Adjacent network access is required to intercept or redirect the update delivery path. The attacker must have sufficient access to position themselves between the client and the update server (for example, via ARP poisoning, DNS spoofing, or a compromised network intermediary). Once the tampered payload is delivered, a user who runs or triggers the update process executes the malicious code. The attack requires high privileges on the delivery side, but the user-interaction trigger (running the updater) is routine behavior in managed enterprise environments.
Remediation
Update TrueConf Client to version 8.5.3.884 or later. Apply mitigations per TrueConf vendor instructions. For cloud-connected deployments, follow applicable CISA BOD 22-01 guidance. If patching is not immediately possible and the product is deployed in sensitive network segments, consider isolating or discontinuing use until a remediated version can be deployed.
CISA Remediation Due Date: April 16, 2026
This report is generated automatically from NVD and CISA KEV data. Always verify findings against official vendor advisories before taking action.
