CVE-2026-3502 - CERT CVE

  1. CVE-2026-3502

ID CVE-2026-3502
Sažetak TrueConf Client downloads application update code and applies it without performing verification. An attacker who is able to influence the update delivery path can substitute a tampered update payload. If the payload is executed or installed by the updater, this may result in arbitrary code execution in the context of the updating process or user.
Reference
CVSS
Base: 7.8
Impact: 6.0
Exploitability:1.2
Pristup
VektorSloženostAutentikacija
ADJACENT_NETWORK LOW HIGH
Impact
PovjerljivostCjelovitostDostupnost
HIGH HIGH LOW
CVSS vektor CVSS:3.1/AV:A/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:L
Zadnje važnije ažuriranje 30-03-2026 - 19:16
Objavljeno 30-03-2026 - 19:16