

Ethical Hacking News

The TrueConf Vulnerability: A Threat to Secure Video Conferencing



U.S. CISA adds a critical vulnerability in TrueConf Client to its Known Exploited Vulnerabilities catalog. This flaw allows attackers to deliver malicious updates, leading to arbitrary code execution on the system. Government entities and organizations using TrueConf Client are advised to take immediate action to address this vulnerability.



  • The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has identified a critical vulnerability in TrueConf Client, a popular videoconferencing platform.
  • The vulnerability is tracked as CVE-2026-3502 and carries a CVSS score of 7.8.
  • Threat actors have already exploited this vulnerability to compromise TrueConf servers in government environments.
  • The attack, dubbed Operation TrueChaos, targeted dozens of government entities across the country and used tactics such as DLL sideloading against its chosen victims.
  • CISA has ordered federal agencies to fix the vulnerability by April 16, 2026.
  • Private organizations are also recommended to review the Known Exploited Vulnerabilities catalog and address vulnerabilities in their infrastructure.



  • U.S. CISA adds a flaw in TrueConf Client to its Known Exploited Vulnerabilities catalog
    The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has taken notice of a critical vulnerability in the TrueConf Client, a popular videoconferencing platform used by governments and critical sectors around the world. This move is part of CISA's efforts to identify and mitigate known exploited vulnerabilities that pose a significant risk to national security.

    In its latest addition to the Known Exploited Vulnerabilities (KEV) catalog, CISA lists the flaw as CVE-2026-3502 (CVSS score of 7.8). The client downloads and installs updates without verifying their authenticity, so an attacker who can tamper with the update channel can deliver a malicious update and achieve arbitrary code execution on the system.

    According to researchers at Check Point, threat actors have already exploited this vulnerability to compromise TrueConf servers in government environments. By tampering with the update files served from a compromised server, attackers deliver malicious updates that users install as they would a legitimate one, so the infection arrives through the normal update process. This wave of attacks, dubbed Operation TrueChaos, targeted dozens of government entities across the country.

    The compromised TrueConf on-premises servers were operated by governmental IT departments and served as video conferencing platforms for these organizations. The attack was attributed to a China-aligned threat actor with moderate confidence, based on tactics such as DLL sideloading, the use of Alibaba and Tencent infrastructure, and the choice of victims.

    In light of this vulnerability, CISA has ordered federal agencies to fix the vulnerability by April 16, 2026. Experts also recommend that private organizations review the KEV catalog and address the vulnerabilities in their infrastructure to prevent similar attacks.
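    The root cause described above is an update path that trusts whatever the server hands out. The following is an added illustration, not TrueConf's code or any code from the vendors or researchers cited here, of the check a client should perform instead: the vendor signs a manifest (product, version, payload digest) with an offline release key, and the client verifies the signature, refuses downgrades, and compares the payload digest before anything is installed. Product name, version numbers and payload bytes are constructed for the example; the Ed25519 and SHA-256 primitives are Go's standard library.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"encoding/hex"
	"encoding/json"
	"errors"
	"fmt"
)

// Manifest is the metadata the vendor signs for each update package.
// The client never trusts the payload directly: it trusts the signature
// over this manifest, then checks that the payload matches the manifest.
type Manifest struct {
	Product string `json:"product"`
	Version int    `json:"version"` // monotonic build number, used for downgrade protection
	SHA256  string `json:"sha256"`  // hex digest of the update payload
}

// SignedManifest is what the update server hands to the client.
type SignedManifest struct {
	ManifestJSON []byte // canonical bytes that were signed
	Signature    []byte // Ed25519 signature over ManifestJSON
}

var (
	ErrBadSignature = errors.New("manifest signature invalid: update rejected")
	ErrWrongProduct = errors.New("manifest is for a different product")
	ErrDowngrade    = errors.New("update is not newer than the installed version")
	ErrDigest       = errors.New("payload digest does not match the signed manifest")
)

// NewReleaseKey generates the vendor's signing key pair. In a real deployment
// the private half stays offline or in an HSM; only the public key ships in the client.
func NewReleaseKey() (ed25519.PublicKey, ed25519.PrivateKey, error) {
	return ed25519.GenerateKey(rand.Reader)
}

// SignUpdate is the vendor-side step: hash the payload, build the manifest,
// and sign its JSON encoding.
func SignUpdate(priv ed25519.PrivateKey, product string, version int, payload []byte) (SignedManifest, error) {
	sum := sha256.Sum256(payload)
	m := Manifest{Product: product, Version: version, SHA256: hex.EncodeToString(sum[:])}
	mj, err := json.Marshal(m)
	if err != nil {
		return SignedManifest{}, err
	}
	return SignedManifest{ManifestJSON: mj, Signature: ed25519.Sign(priv, mj)}, nil
}

// VerifyUpdate is the client-side check that must run before any byte of the
// payload is written to disk or executed. The signature is checked first so
// that nothing from an unauthenticated manifest is ever parsed or acted on.
func VerifyUpdate(pub ed25519.PublicKey, sm SignedManifest, payload []byte, product string, installedVersion int) (*Manifest, error) {
	if !ed25519.Verify(pub, sm.ManifestJSON, sm.Signature) {
		return nil, ErrBadSignature
	}
	var m Manifest
	if err := json.Unmarshal(sm.ManifestJSON, &m); err != nil {
		return nil, err
	}
	if m.Product != product {
		return nil, ErrWrongProduct
	}
	if m.Version <= installedVersion {
		return nil, ErrDowngrade // a compromised server must not be able to push an old, vulnerable build
	}
	sum := sha256.Sum256(payload)
	if hex.EncodeToString(sum[:]) != m.SHA256 {
		return nil, ErrDigest // payload was swapped after signing
	}
	return &m, nil
}

func main() {
	pub, priv, err := NewReleaseKey()
	if err != nil {
		panic(err)
	}
	// Constructed sample payload standing in for an installer.
	payload := []byte("constructed update package bytes v2")
	sm, _ := SignUpdate(priv, "example-client", 2, payload)

	if m, err := VerifyUpdate(pub, sm, payload, "example-client", 1); err == nil {
		fmt.Println("genuine update accepted, version", m.Version)
	}
	// A tampered server can swap the payload but cannot re-sign the manifest.
	if _, err := VerifyUpdate(pub, sm, []byte("attacker-modified package"), "example-client", 1); err != nil {
		fmt.Println("tampered payload rejected:", err)
	}
}
```

    The ordering inside VerifyUpdate is the point: a server that has been taken over can alter the manifest, the payload, or both, but without the offline private key it cannot produce a signature that verifies, so every tampered variant is refused before the installer runs. Pinning the public key in the client binary rather than fetching it from the same server closes the remaining gap.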



    Related Information:
  • https://www.ethicalhackingnews.com/articles/The-TrueConf-Vulnerability-A-Threat-to-Secure-Video-Conferencing-ehn.shtml

  • https://securityaffairs.com/190341/security/u-s-cisa-adds-a-flaw-in-trueconf-client-to-its-known-exploited-vulnerabilities-catalog.html

  • https://cyberpress.org/cisa-adds-trueconf-flaw/

  • https://windowsforum.com/threads/cisa-adds-trueconf-kev-cve-2026-3502-patch-code-integrity-flaws-now.409477/

  • https://nvd.nist.gov/vuln/detail/CVE-2026-3502

  • https://www.cvedetails.com/cve/CVE-2026-3502/


  • Published: Sat Apr 4 12:25:18 2026 by llama3.2 3B Q4_K_M
    © Ethical Hacking News . All rights reserved.
