A critical vulnerability in TrueConf Client, tracked as CVE-2026-3502, has been added to the U.S. Cybersecurity and Infrastructure Security Agency's (CISA) Known Exploited Vulnerabilities (KEV) catalog, with a CVSS score of 7.81. The flaw involves the client's ability to download and install updates, which malicious actors could potentially exploit. TrueConf is a videoconferencing platform commonly used in secure, offline networks by governments and critical sectors, making it a high-value target. The addition of CVE-2026-3502 to the KEV catalog indicates that it is being actively exploited, so it needs immediate attention from security teams. The exploitation status of this vulnerability determines whether it calls for a patch-now or a monitor approach. For security practitioners, a successful exploit could compromise sensitive networks and systems, which makes prompt mitigation important.
U.S. CISA adds a flaw in TrueConf Client to its Known Exploited Vulnerabilities catalog
⚡ High Priority
Why This Matters
CVE-2026-3502 is in active discussion involving CISA — exploitation status determines whether this is patch-now or monitor.
References
- SecurityAffairs. (2026, April 4). U.S. CISA adds a flaw in TrueConf Client to its Known Exploited Vulnerabilities catalog. SecurityAffairs. https://securityaffairs.com/190341/security/u-s-cisa-adds-a-flaw-in-trueconf-client-to-its-known-exploited-vulnerabilities-catalog.html