criticalCISA KEVCVE-2026-3502

TrueConf Client Download of Code Without Integrity Check Vulnerability

TrueConf Client contains a download of code without integrity check vulnerability. An attacker who is able to influence the update delivery path can substitute a tampered update payload. If the payload is executed or installed by the updater, this may result in arbitrary code execution in the context of the updating process or user.

ProductClient
CVSS7.8
EPSS0.0575
UpdatedJuly 9, 2026

Quick answer

TrueConf Client should be reviewed and updated if it matches the affected versions. The recommended fix is to apply the vendor-supported patched version or the mitigation steps below, then retest the public website with Fixnx.

Who is affected

Affected versions

  • Review vendor advisory for affected versions.

Fixed versions

  • Apply the latest vendor-supported patched version.

How to fix it

Treat CVE-2026-3502 as an actively exploited update-chain risk for TrueConf Client. Review every Windows TrueConf Client installation, especially versions 8.1.0 through 8.5.2 and builds below 8.5.3.884. Upgrade to a vendor-supported build at or above 8.5.3.884, preferably the latest TrueConf 8.5.4.x release from the official TrueConf download page, and verify the downloaded installer checksum before deployment. If an immediate upgrade is not possible, disable or restrict untrusted update delivery paths, isolate affected clients, and investigate any system where the update channel may have been intercepted or modified.

  1. Inventory all TrueConf Client installations and record the installed version on each Windows endpoint.
  2. Prioritize versions 8.1.0 through 8.5.2, or any TrueConf Client build below 8.5.3.884, for immediate remediation.
  3. Download the patched TrueConf Client only from the official TrueConf download or release page.
  4. Verify the vendor-provided checksum before installing or distributing the client package.
  5. Upgrade affected endpoints to version 8.5.3.884 or later; use the current vendor-supported 8.5.4.x build where compatible.
  6. Temporarily block untrusted update sources and restrict update traffic to trusted network paths until all clients are patched.
  7. Review update servers, proxies, endpoint logs, and EDR telemetry for signs that a tampered update package was delivered or executed.
  8. Rebuild or isolate hosts where suspicious updater behavior, unexpected child processes, or unauthorized binaries are found.

Scan now. Google sign-in is only needed to unlock fix guidance.

Verify the fix

  • Confirm every TrueConf Client endpoint reports version 8.5.3.884 or later.
  • Confirm deployed installers match the checksum published by TrueConf for that distribution.
  • Validate that client update traffic uses trusted vendor or managed infrastructure and is not routed through an untrusted delivery path.
  • Run a Fixnx scan against public assets and related management endpoints after remediation.
  • Review endpoint and network logs for failed or suspicious update attempts after the patch window.

Related categories

Trusted references

FAQ

What is affected by CVE-2026-3502?

TrueConf Client should be checked against the vendor advisory and trusted references linked on this page.

What should I fix first?

Start with internet-facing sites, admin panels, login flows, plugins, themes, modules, packages, and systems that process user-controlled input or sensitive data.

How do I confirm the fix worked?

Apply the patched version or mitigation, clear caches where relevant, retest the affected workflow, and run a new Fixnx scan to verify public website exposure signals.

Why can this risk appear in multiple categories?

A vulnerability can belong to more than one platform or ecosystem. Fixnx keeps one canonical risk page while also listing it in every relevant category.