CVSS v3.1 base score 7.8
CVE-2026-3502
- EPSS 1.48%
- Published 30.03.2026 18:05:42
- Last modified 03.04.2026 11:40:57
- Source cve@checkpoint.com
TrueConf Client downloads application update code and applies it without performing verification. An attacker who is able to influence the update delivery path can substitute a tampered update payload. If the payload is executed or installed by the updater, this may result in arbitrary code execution in the context of the updating process or user.
Data provided by the National Vulnerability Database (NVD)
02.04.2026: CISA Known Exploited Vulnerabilities (KEV) Catalog
Vulnerability: TrueConf Client Download of Code Without Integrity Check Vulnerability
Description: TrueConf Client contains a download of code without integrity check vulnerability. An attacker who is able to influence the update delivery path can substitute a tampered update payload. If the payload is executed or installed by the updater, this may result in arbitrary code execution in the context of the updating process or user.
Required action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

| Type | Source | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 1.48% | 0.81 |

| Source | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| cve@checkpoint.com | 7.8 | 1.2 | 6.0 | CVSS:3.1/AV:A/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:L |
CWE-494 Download of Code Without Integrity Check
The product downloads source code or an executable from a remote location and executes the code without sufficiently verifying the origin and integrity of the code.
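The updater pattern that closes CWE-494, as an added example in Go (not TrueConf's code and not taken from the advisory): the client pins the publisher's Ed25519 public key, verifies a signed manifest before parsing anything out of it, rejects replay of an older but still validly signed release, and only then checks that the downloaded payload hashes to the digest in the manifest. The manifest format, its field names, the key handling and the sample payload are assumptions for illustration. `ApplyUnverified` shows the vulnerable pattern the CVE describes, where whoever controls the delivery path decides what gets installed.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"crypto/subtle"
	"encoding/hex"
	"encoding/json"
	"errors"
	"fmt"
)

// Manifest is the release metadata the publisher signs.
// Field names are assumptions for this example, not a real vendor format.
type Manifest struct {
	Version int    `json:"version"` // monotonically increasing release number
	SHA256  string `json:"sha256"`  // hex SHA-256 of the update payload
}

// SignedManifest is what the client fetches next to the payload.
type SignedManifest struct {
	Manifest  []byte // canonical JSON bytes that were signed
	Signature []byte // Ed25519 signature over Manifest
}

var (
	ErrBadSignature   = errors.New("manifest signature does not verify under pinned key")
	ErrDigestMismatch = errors.New("payload digest does not match signed manifest")
	ErrDowngrade      = errors.New("manifest version is not newer than installed version")
)

// DigestHex returns the hex SHA-256 of a payload (used by the publisher).
func DigestHex(payload []byte) string {
	sum := sha256.Sum256(payload)
	return hex.EncodeToString(sum[:])
}

// SignManifest is the publisher-side step; it runs on the release host,
// never inside the client.
func SignManifest(priv ed25519.PrivateKey, m Manifest) (SignedManifest, error) {
	raw, err := json.Marshal(m)
	if err != nil {
		return SignedManifest{}, err
	}
	return SignedManifest{Manifest: raw, Signature: ed25519.Sign(priv, raw)}, nil
}

// ApplyUnverified is the CWE-494 pattern: whatever arrived over the delivery
// path is handed straight to the installer. Anyone able to influence that
// path (DNS, a proxy, a compromised mirror) chooses what gets executed.
func ApplyUnverified(payload []byte) []byte {
	return payload // would be written to disk and executed as-is
}

// VerifyUpdate is the hardened counterpart. The public key is pinned in the
// client binary; nothing about the transport is trusted.
func VerifyUpdate(pinned ed25519.PublicKey, sm SignedManifest, payload []byte, installed int) (Manifest, error) {
	// 1. Authenticate the manifest bytes before parsing anything from them.
	if !ed25519.Verify(pinned, sm.Manifest, sm.Signature) {
		return Manifest{}, ErrBadSignature
	}
	var m Manifest
	if err := json.Unmarshal(sm.Manifest, &m); err != nil {
		return Manifest{}, err
	}
	// 2. Reject replay of an older, still validly signed release.
	if m.Version <= installed {
		return Manifest{}, ErrDowngrade
	}
	// 3. Bind the payload bytes to the authenticated manifest. A digest of the
	//    wrong length decodes to a different slice and fails the compare.
	want, err := hex.DecodeString(m.SHA256)
	if err != nil {
		return Manifest{}, err
	}
	got := sha256.Sum256(payload)
	if subtle.ConstantTimeCompare(want, got[:]) != 1 {
		return Manifest{}, ErrDigestMismatch
	}
	return m, nil
}

func main() {
	pub, priv, _ := ed25519.GenerateKey(rand.Reader) // pub would ship pinned in the client
	payload := []byte("constructed update payload, release 2")  // constructed sample, not a real update
	sm, _ := SignManifest(priv, Manifest{Version: 2, SHA256: DigestHex(payload)})

	if m, err := VerifyUpdate(pub, sm, payload, 1); err == nil {
		fmt.Println("accepted release", m.Version)
	}
	_, err := VerifyUpdate(pub, sm, []byte("attacker-substituted payload"), 1)
	fmt.Println("tampered payload:", err)
	_, err = VerifyUpdate(pub, sm, payload, 2)
	fmt.Println("replayed release:", err)
}
```

TLS on the download URL is not a substitute for this check: the advisory's attacker is on the delivery path, and a mirror, proxy or CDN that serves a different file is a legitimate TLS peer. The private key stays on the release host; only the public half is compiled into the client, and rotating it means shipping a signed update that carries the new key.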