[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"repo-stars":3,"vuln-CVE-2026-3502":6},{"stargazers_count":4,"fetched_at":5},5,"2026-04-05T09:10:37.156Z",{"id":7,"descriptions":8,"cisa":9,"weaknesses":10,"exploits":68,"aliases":69,"duplicate_of":9,"upstream":70,"downstream":71,"duplicates":72,"related":73,"reserved_at":9,"published_at":74,"modified_at":75,"state":76,"summary":77,"references_raw":88,"kevs":107,"epss":118,"epss_history":121,"metrics":135,"affected":143},"CVE-2026-3502","TrueConf Client downloads application update code and applies it without performing verification. An attacker who is able to influence the update delivery path can substitute a tampered update payload. If the payload is executed or installed by the updater, this may result in arbitrary code execution in the context of the updating process or user.",null,[11],{"_key":12,"id":12,"name":13,"description":14,"type":15,"status":16,"abstraction":17,"likelihood_of_exploit":18,"capec":19},"CWE-494","Download of Code Without Integrity Check","The product downloads source code or an executable from a remote location and executes the code without sufficiently verifying the origin and integrity of the code.","weakness","Draft","Base","Medium",[20,24,28,32,36,40,44,48,52,56,60,64],{"id":21,"name":22,"techniques":23},"CAPEC-184","Software Integrity Attack",[],{"id":25,"name":26,"techniques":27},"CAPEC-185","Malicious Software Download",[],{"id":29,"name":30,"techniques":31},"CAPEC-186","Malicious Software Update",[],{"id":33,"name":34,"techniques":35},"CAPEC-187","Malicious Automated Software Update via Redirection",[],{"id":37,"name":38,"techniques":39},"CAPEC-533","Malicious Manual Software Update",[],{"id":41,"name":42,"techniques":43},"CAPEC-538","Open-Source Library Manipulation",[],{"id":45,"name":46,"techniques":47},"CAPEC-657","Malicious Automated Software Update via Spoofing",[],{"id":49,"name":50,"techniques":51},"CAPEC-662","Adversary in the Browser (AiTB)",[],{"id":53,"name":54,"techniques":55},"CAPEC-691","Spoof Open-Source Software Metadata",[],{"id":57,"name":58,"techniques":59},"CAPEC-692","Spoof Version Control System Commit Metadata",[],{"id":61,"name":62,"techniques":63},"CAPEC-693","StarJacking",[],{"id":65,"name":66,"techniques":67},"CAPEC-695","Repo Jacking",[],[],[],[],[],[],[],"2026-03-30T18:05:42.806Z","2026-04-03T03:55:23.638Z","Analyzed",{"cisa_kev":78,"cisa_ransomware":79,"cisa_vendor":80,"epss_severity":81,"epss_score":82,"severity":83,"severity_score":84,"severity_version":85,"severity_source":86,"severity_vector":87,"severity_status":76},true,false,"TrueConf","low",0.01218,"high",7.8,"v3.1","cve.org","CVSS:3.1/AV:A/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:L",[89,96,101],{"url":90,"sources":91,"tags":93},"https://trueconf.com/blog/update/trueconf-8-5",[86,92],"nvd",[94,95],"Product","Release Notes",{"url":97,"sources":98,"tags":99},"https://research.checkpoint.com/2026/operation-truechaos-0-day-exploitation-against-southeast-asian-government-targets/",[86,92],[100],"Third Party Advisory",{"url":102,"sources":103,"tags":104},"https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2026-3502",[86,92],[105,106],"Government Resource","US Government Resource",[108],{"source":109,"vendor":80,"product":110,"date_added":111,"vulnerability_name":112,"short_description":113,"required_action":114,"due_date":115,"known_ransomware_campaign_use":116,"notes":117,"exploitation_type":9},"cisa","Client","2026-04-02","TrueConf Client Download of Code Without Integrity Check Vulnerability","TrueConf Client contains a download of code without integrity check vulnerability. An attacker who is able to influence the update delivery path can substitute a tampered update payload. If the payload is executed or installed by the updater, this may result in arbitrary code execution in the context of the updating process or user.","Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.","2026-04-16","Unknown","https://trueconf.com/blog/update/trueconf-8-5 ; https://trueconf.com/downloads/windows.html ; https://nvd.nist.gov/vuln/detail/CVE-2026-3502",{"date":119,"score":82,"percentile":120},"2026-04-04",0.79028,[122,126,129,131,134],{"date":123,"score":124,"percentile":125},"2026-03-31",0.00009,0.00897,{"date":127,"score":124,"percentile":128},"2026-04-01",0.00896,{"date":111,"score":124,"percentile":130},0.00901,{"date":132,"score":82,"percentile":133},"2026-04-03",0.79015,{"date":119,"score":82,"percentile":120},[136,141],{"source":86,"cvss_v2_0":9,"cvss_v3_0":9,"cvss_v3_1":137,"cvss_v4_0":9},{"baseScore":84,"baseSeverity":138,"vectorString":87,"impactScore":139,"exploitabilityScore":140},"HIGH",10,3.1,{"source":92,"cvss_v2_0":9,"cvss_v3_0":9,"cvss_v3_1":142,"cvss_v4_0":9},{"baseScore":84,"baseSeverity":138,"vectorString":87,"impactScore":139,"exploitabilityScore":140},[144,153],{"ecosystem":9,"name":145,"vendor":145,"product":145,"cpe_part":146,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":147},"trueconf","a",[148],{"version":149,"is_range":78,"range_type":150,"version_start":9,"version_start_type":9,"version_end":151,"version_end_type":152,"fixed_in":9},"lt8.5.3.884","cpe","8.5.3.884","excluding",{"ecosystem":9,"name":154,"vendor":145,"product":155,"cpe_part":146,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":156},"TrueConf Client","trueconf client",[157],{"version":158,"is_range":79,"range_type":86,"version_start":158,"version_start_type":159,"version_end":158,"version_end_type":159,"fixed_in":9},"TrueConf Client versions 8.1.0 through 8.5.2","including"]