high Code Vulnerability zero-day
TrueConf Zero-Day Exploited by Chinese APT (TrueChaos)
| CVE | CVE-2026-3502 |
| Severity | high |
| Status | open |
| Date | April 2, 2026 |
| Affects | TrueConf Windows client (on-premises video conferencing) |
| Source | thehackernews.com |
Details
CVSS 7.8. Code integrity bypass in TrueConf’s update mechanism: an attacker who controls the on-premises server can push arbitrary code to all connected endpoints. Exploited against Southeast Asian government entities using Havoc C2. CISA added the CVE to its KEV catalog; the federal patch deadline is April 16. Fix: TrueConf 8.5.3.