TrueConf Client Zero-Day CVE-2026-3502 Exploited Against Government Entities
Summary
A high-severity zero-day vulnerability (CVE-2026-3502) in TrueConf Client video conferencing software is being exploited in attacks targeting government entities in Southeast Asia. The flaw allows attackers to distribute tampered software updates and execute arbitrary code. CISA added this to its KEV catalog on April 2, 2026.
Threat Analysis
CVE-2026-3502 is a "Download of Code Without Integrity Check" vulnerability in TrueConf Client, a video conferencing application. The vulnerability allows attackers to intercept the application update mechanism and distribute malicious, tampered updates that execute arbitrary code on victim systems. Active exploitation has been observed targeting government entities in Southeast Asia, suggesting a nation-state or advanced threat actor involvement. CISA added CVE-2026-3502 to its Known Exploited Vulnerabilities catalog on April 2, 2026. Organizations using TrueConf Client should immediately apply available patches, verify the integrity of any pending updates, and consider temporarily disabling automatic updates until patched versions are deployed. Network defenders should monitor for unusual outbound connections from TrueConf processes.