CVE-2026-3502
highTrueConf Client downloads application update code and applies it without performing verification. An attacker who is able to influence the update delivery path can substitute a tampered update payload. If the payload is executed or installed by the updater, this may result in arbitrary code execution in the context of the updating process or user.
7.8
cvss
high
common vulnerability scoring system v3.1. measures intrinsic severity on a 0-10 scale.
epss
0.0001
kev
no
cisa known exploited vulnerabilities catalog. confirmed active exploitation.
CVSS 3.1
Common Vulnerability Scoring System v3.1
7.8
/ 10
HIGH
exploitability
Attack Vector
Adjacent
Attack Vector (AV:A): requires access to the local network segment (e.g. same WiFi, VLAN). not exploitable from the internet.
Attack Complexity
Low
Attack Complexity (AC:L): no special conditions needed. attack can be reliably reproduced.
Privileges Required
High
Privileges Required (PR:H): requires admin or highly privileged access.
User Interaction
Required
User Interaction (UI:R): victim must perform some action (e.g. clicking a link, opening a file).
impact
Scope
Changed
Scope (S:C): exploitation impacts resources beyond the vulnerable component.
Confidentiality
High
Confidentiality (C:H): total information disclosure. attacker gains access to all data within the component.
Integrity
High
Integrity (I:H): complete data modification possible. attacker can modify any data.
Availability
Low
Availability (A:L): reduced performance or partial service interruption.
CVSS:3.1/AV:A/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:L
activity density
rdintel assessment
composite score from 15+ signals including exploitation status, epss probability, detection coverage, and community attention. 0-100 scale.
sign in to view full intelligence
pocs, detection rules, timeline, advisories, and more