Detections
Analytics

TrueConf Windows Client < 8.5.3.884 Download of Code Without Integrity Check Vulnerability (CVE-2026-3502)

high Nessus Plugin ID 320363

Synopsis

The version of TrueConf Windows Client installed on the remote host is affected by a remote code execution vulnerability.

Description

The version of TrueConf Windows Client installed on the remote host is prior to 8.5.3.884. It is, therefore, affected by a vulnerability:

 — A remote code execution vulnerability exists in the TrueConf Client update mechanism due to lack of cryptographic verification of update packages. An attacker with control of the TrueConf server can exploit this to distribute and execute arbitrary code on connected clients with the privileges of the TrueConf application. (CVE-2026-3502)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

Solution

Update to TrueConf Windows Client version 8.5.3.884 or later.

See Also

http://www.nessus.org/u?c22553c1

http://www.nessus.org/u?4d348adb

Plugin Details

Severity: High

ID: 320363

File Name: trueconf_client_win_8_5_3_884.nasl

Version: 1.1

Type: Local

Agent: windows

Family: Windows

Published: 6/10/2026

Updated: 6/10/2026

Configuration: Enable thorough checks (optional)

Supported Sensors: Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: Critical

Score: 9.2

CVSS v2

Risk Factor: High

Base Score: 7.2

Vector: CVSS2#AV:A/AC:L/Au:M/C:C/I:C/A:C

CVSS Score Source: CVE-2026-3502

CVSS v3

Risk Factor: High

Base Score: 7.8

Vector: CVSS:3.0/AV:A/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:L

Vulnerability Information

CPE: cpe:/a:trueconf:trueconf

Required KB Items: installed_sw/TrueConf Client

Patch Publication Date: 3/25/2026

Vulnerability Publication Date: 3/25/2026

Reference Information

CVE: CVE-2026-3502