Critical TrueConf Vulnerability Under Active Exploitation Added to CISA’s KEV Catalog
The Cybersecurity and Infrastructure Security Agency (CISA) has added CVE-2026-3502, a severe vulnerability in TrueConf Client software, to its Known Exploited Vulnerabilities (KEV) catalog after confirming active exploitation in the wild. The flaw, classified as a "Download of Code Without Integrity Check" (CWE-494), allows attackers to bypass security checks during software updates.
When TrueConf’s updater retrieves files, it fails to verify their authenticity, enabling threat actors to intercept and replace legitimate updates with malicious payloads. Successful exploitation grants arbitrary code execution, potentially leading to full system compromise, backdoor installation, or lateral movement within corporate networks.
CISA issued the alert on April 2, 2026, setting a remediation deadline of April 16, 2026, for Federal Civilian Executive Branch (FCEB) agencies under Binding Operational Directive (BOD) 22-01. While the mandate applies only to federal entities, security experts warn that private organizations, educational institutions, and individuals using TrueConf are also at risk.
TrueConf users are advised to apply vendor-provided patches immediately and follow CISA’s mitigation guidance, including securing cloud service routes. If no patch is available, discontinuing use of the software is recommended. Though it remains unclear whether ransomware groups are exploiting this flaw, its potential for malware deployment and data theft makes it a prime target for cybercriminals.
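The updater defect the article describes (CWE-494) and its fix, as an added example that is not TrueConf's code or CISA's guidance: a Go sketch of an updater that installs whatever it downloads, beside one that pins the vendor's Ed25519 public key and refuses any payload whose detached signature does not verify. The key pair, the update payload and the in-transit swap are all constructed in-process so it runs offline.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"errors"
	"fmt"
)

// Update: the retrieved payload plus a detached signature made with the
// vendor's release key. Constructed for this example.
type Update struct {
	Payload, Signature []byte
}

// installUnverified is the CWE-494 pattern: whatever bytes arrive are handed
// to the installer with no authenticity check at all.
func installUnverified(u Update) ([]byte, error) {
	return u.Payload, nil
}

// installVerified is the hardened form: the vendor's public key is pinned in
// the client, so a payload swapped on a hostile download path is refused.
func installVerified(pinned ed25519.PublicKey, u Update) ([]byte, error) {
	if len(u.Signature) != ed25519.SignatureSize {
		return nil, errors.New("update rejected: malformed signature")
	}
	if !ed25519.Verify(pinned, u.Payload, u.Signature) {
		return nil, errors.New("update rejected: signature does not verify under pinned key")
	}
	return u.Payload, nil
}

// simulate plays vendor, on-path attacker and both updater variants offline,
// reporting: genuine verifies; unverified ran the swap; verified ran the swap.
func simulate() (genuineOK, unverifiedRan, verifiedRan bool, err error) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return false, false, false, err
	}
	genuine := []byte("client-update-v9.9.9-installer") // constructed payload
	signed := Update{Payload: genuine, Signature: ed25519.Sign(priv, genuine)}
	swapped := Update{Payload: []byte("attacker-installer"), Signature: signed.Signature} // swapped in transit, signature unchanged
	_, gerr := installVerified(pub, signed)
	got, _ := installUnverified(swapped)
	_, verr := installVerified(pub, swapped)
	return gerr == nil, string(got) == "attacker-installer", verr == nil, nil
}

func main() { fmt.Println(simulate()) }
```

Note that transport security alone does not close this class of bug: the signature check is what lets the client reject a substituted payload regardless of which proxy, DNS answer or mirror served it.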
Source: https://cybersecuritynews.com/cisa-trueconf-vulnerability-kev-catalog/
TrueCore Federal Credit Union cybersecurity rating report: https://www.rankiteo.com/company/truecore-federal-credit-union