Tracked as CVE-2026-3502, the flaw is being actively exploited in the wild, and its disclosure has prompted federal agencies and private organizations to take immediate action to secure their networks.
The vulnerability exists in the TrueConf Client and is classified as a "Download of Code Without Integrity Check" weakness, tracked as CWE-494.
When the TrueConf client fetches a routine update, it does not verify the authenticity or integrity of the downloaded files before using them. That missing check is the whole weakness: the updater trusts whatever the network returns.
An attacker who can intercept, spoof, or otherwise influence the update delivery path can therefore substitute a tampered, malicious payload for the legitimate update.
When the updater executes or installs the substituted file, the attacker's code runs with whatever privileges the updater holds, which means the attacker can run arbitrary commands on the victim's system.
Depending on how the system is configured, that can translate into full control of the affected machine, persistent backdoors, or a foothold for lateral movement across the corporate network.
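The following is an added example, not TrueConf's code and not code from the article, that models the CWE-494 pattern described above in Python: a toy updater that installs whatever the network returns, beside one that refuses anything whose SHA-256 digest does not match a value the client trusted before the download began. The update server, the on-path attacker, the update bytes and the pinned digest are all constructed in memory (the digest is assumed to have reached the client over a trusted channel, for example pinned in the previous release or read from a signed manifest), and "installing" simply means the updater accepts the bytes and returns them, so nothing is fetched or executed.

```python
"""Toy updater showing the CWE-494 pattern (added example, not TrueConf's code).

Everything here is simulated: the update server and the on-path attacker
are plain functions, the update bytes are constructed, and 'install' only
returns the accepted bytes to the caller.
"""
import hashlib
import hmac

# Constructed sample data: the vendor's genuine update and the digest the
# client already holds for it. The digest is ASSUMED to have arrived over a
# trusted channel (pinned in the previous release, or from a signed manifest);
# a digest fetched over the same untrusted path as the update proves nothing.
GENUINE_UPDATE = b"TrueConfSetup-genuine-build-bytes"
PINNED_SHA256 = hashlib.sha256(GENUINE_UPDATE).hexdigest()

# Constructed attacker payload substituted on the delivery path.
TAMPERED_UPDATE = b"malicious-installer-bytes"


def download(update_server, attacker=None):
    """Simulate fetching the update. If an on-path attacker is present it can
    replace what the server sent: the 'intercept, spoof, or influence the
    update delivery' step."""
    payload = update_server()
    if attacker is not None:
        payload = attacker(payload)
    return payload


def vulnerable_update(update_server, attacker=None):
    """CWE-494: installs whatever came back from the network, no check at all."""
    payload = download(update_server, attacker)
    return ("installed", payload)


def hardened_update(update_server, attacker=None, expected_sha256=PINNED_SHA256):
    """Refuses to install unless the downloaded bytes match the digest the
    client trusted before the download started. The same bytes that were
    hashed are the ones returned, so there is no verify-then-reread gap."""
    payload = download(update_server, attacker)
    actual = hashlib.sha256(payload).hexdigest()
    if not hmac.compare_digest(actual, expected_sha256):
        return ("rejected", None)
    return ("installed", payload)


def honest_server():
    """Simulated vendor update server returning the genuine build."""
    return GENUINE_UPDATE


def on_path_attacker(_payload):
    """Simulated attacker on the delivery path swapping in their own file."""
    return TAMPERED_UPDATE


if __name__ == "__main__":
    # Clean path: both updaters accept the genuine build.
    print("vulnerable, clean:", vulnerable_update(honest_server))
    print("hardened,   clean:", hardened_update(honest_server))
    # Attacked path: the vulnerable updater installs the attacker's file,
    # the hardened one rejects it.
    print("vulnerable, attacked:", vulnerable_update(honest_server, on_path_attacker))
    print("hardened,   attacked:", hardened_update(honest_server, on_path_attacker))
```

The digest check is the minimum that closes CWE-494; in practice vendors sign the update (or a manifest listing its digests) with a key whose public half ships inside the client, so the expected value does not have to be known in advance. Whichever form the check takes, it has to run on the exact bytes that will be executed, before they are written anywhere an installer might pick them up.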
CISA added this flaw to the KEV catalog on April 2, 2026, and has set a strict remediation deadline for April 16, 2026.
Federal Civilian Executive Branch (FCEB) agencies are legally mandated to secure their systems by this date under Binding Operational Directive (BOD) 22-01.
Security teams and network administrators using TrueConf must implement the following security measures:
At this time it is not known whether ransomware groups are using CVE-2026-3502 in their extortion campaigns.
However, because the flaw yields arbitrary code execution, it is an attractive entry point for malware deployment and data theft.
While CISA’s patching directive legally applies only to federal agencies, security experts strongly urge all private companies, educational institutions, and individuals using TrueConf to patch their systems before the mid-April deadline.
The post CISA Adds TrueConf Vulnerability to KEV Catalog Following Active Exploitation appeared first on Cyber Security News.