CISA Adds TrueConf Vulnerability to KEV Catalog Following Active Exploitation

What happened

A critical TrueConf vulnerability has been added to CISA's Known Exploited Vulnerabilities (KEV) catalog after the agency confirmed active exploitation in the wild. Tracked as CVE-2026-3502, the flaw affects TrueConf Client and is classified as a download-of-code-without-integrity-check weakness (CWE-494). The problem occurs during software updates: the client does not properly verify the authenticity and integrity of the files it receives, so an attacker who can influence or spoof the update delivery path can substitute a malicious payload for the legitimate update. Because the client then executes the tampered file as if it were the vendor's update, the attacker gains code execution on the victim's system. CISA added the flaw to the KEV catalog on April 2, 2026 and set an April 16, 2026 remediation deadline for federal agencies.

Who is affected

The direct exposure is any organization running TrueConf Client, especially where the client fetches its updates over a network path an attacker could intercept, redirect, or spoof. Federal Civilian Executive Branch agencies are specifically required to remediate the issue under Binding Operational Directive 22-01, but the risk extends equally to private organizations, schools, and individual users running the affected client.

Why CISOs should care

This issue matters because it creates a path from a routine software update into arbitrary code execution on the affected system. In practice, that can give attackers a foothold to run commands, install persistent access, or move deeper into a network if the compromised machine sits inside a larger enterprise environment. 

3 practical actions

  1. Apply vendor fixes and mitigations immediately: Follow the available TrueConf remediation guidance without delay because CISA has already confirmed active exploitation and placed the issue in the KEV catalog. 
  2. Secure the update path: Review how TrueConf updates reach your endpoints and whether that traffic could be intercepted, redirected, or spoofed in your environment (for example through DNS, proxy, or network-position attacks). Until a fixed client is deployed, treat any update the client fetches on its own as untrusted.
  3. Discontinue use if protections are unavailable: If no official patch or mitigation is currently available for your deployment, remove the product from use until the exposure can be addressed. 
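The weakness class described above (a client that executes whatever arrives on its update path) and the "secure the update path" action are easiest to reason about side by side in code. The Go program below is an added illustration written for this article; it is not TrueConf code and does not model TrueConf's actual update format, key handling, or transport. The manifest layout, the key names, and the payload strings are constructed for the example. It contrasts a client that installs whatever it downloads with one that verifies a vendor-signed manifest against a public key pinned in the client and then checks the payload hash, and plays out an attacker on the delivery path substituting the payload, both with the vendor's signature riding along unchanged and with the whole update re-signed under a key the attacker controls.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"encoding/hex"
	"errors"
	"fmt"
	"strings"
)

// Update models what a client receives over its update path. The layout is
// constructed for this example and is not TrueConf's update format.
type Update struct {
	Payload     []byte // the installer the client will execute
	Manifest    []byte // "sha256=<hex digest of Payload>"
	ManifestSig []byte // ed25519 signature over Manifest by the vendor key
}

// vulnerableInstall reproduces the weakness class (CWE-494): whatever arrived
// is accepted as the update, so whoever controls the delivery path controls
// code execution on the endpoint.
func vulnerableInstall(u Update) ([]byte, error) {
	return u.Payload, nil
}

// hardenedInstall accepts the update only if (1) the manifest carries a valid
// signature from the key pinned in the client and (2) the payload hashes to
// the digest in that manifest. Checking the signature first means a spoofed
// server cannot choose which digest the client compares against.
func hardenedInstall(pinnedKey ed25519.PublicKey, u Update) ([]byte, error) {
	if len(u.ManifestSig) != ed25519.SignatureSize ||
		!ed25519.Verify(pinnedKey, u.Manifest, u.ManifestSig) {
		return nil, errors.New("update rejected: manifest signature does not verify")
	}
	m := string(u.Manifest)
	if !strings.HasPrefix(m, "sha256=") {
		return nil, errors.New("update rejected: malformed manifest")
	}
	want, err := hex.DecodeString(strings.TrimPrefix(m, "sha256="))
	if err != nil || len(want) != sha256.Size {
		return nil, errors.New("update rejected: malformed digest in manifest")
	}
	got := sha256.Sum256(u.Payload)
	if !bytes.Equal(got[:], want) {
		return nil, errors.New("update rejected: payload does not match signed manifest")
	}
	return u.Payload, nil
}

// signUpdate is the vendor side: hash the payload into a manifest and sign it.
func signUpdate(signingKey ed25519.PrivateKey, payload []byte) Update {
	sum := sha256.Sum256(payload)
	manifest := []byte("sha256=" + hex.EncodeToString(sum[:]))
	return Update{Payload: payload, Manifest: manifest, ManifestSig: ed25519.Sign(signingKey, manifest)}
}

// Outcome records which updates each client variant would have executed.
type Outcome struct {
	VulnerableRanGenuine, VulnerableRanSwapped, VulnerableRanResigned bool
	HardenedRanGenuine, HardenedRanSwapped, HardenedRanResigned       bool
}

func ran(payload []byte, err error) bool { return err == nil && payload != nil }

// Scenario plays out the attack the article describes. An attacker on the
// delivery path tries two substitutions: swapping only the payload (the
// vendor's manifest and signature ride along unchanged), and replacing the
// whole update with one signed under a key the attacker generated.
func Scenario() (Outcome, error) {
	vendorPub, vendorPriv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return Outcome{}, err
	}
	_, attackerPriv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return Outcome{}, err
	}
	genuine := signUpdate(vendorPriv, []byte("constructed: legitimate installer bytes"))
	swapped := genuine
	swapped.Payload = []byte("constructed: attacker payload")
	resigned := signUpdate(attackerPriv, swapped.Payload)

	var o Outcome
	o.VulnerableRanGenuine = ran(vulnerableInstall(genuine))
	o.VulnerableRanSwapped = ran(vulnerableInstall(swapped))
	o.VulnerableRanResigned = ran(vulnerableInstall(resigned))
	o.HardenedRanGenuine = ran(hardenedInstall(vendorPub, genuine))
	o.HardenedRanSwapped = ran(hardenedInstall(vendorPub, swapped))
	o.HardenedRanResigned = ran(hardenedInstall(vendorPub, resigned))
	return o, nil
}

func main() {
	o, err := Scenario()
	if err != nil {
		panic(err)
	}
	fmt.Printf("%+v\n", o)
}
```

The point of the hardened path is that transport protection alone is not the fix: a pinned verification key inside the client makes the update's origin checkable regardless of how it arrived, and binding the payload to a signed digest means a substituted file fails closed even when the attacker can replay the vendor's own manifest. When reviewing your own update path under action 2, the question to answer is whether the client performs both of those checks, or whether it relies on the network to have done them.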
