# CVE-2026-3502

> Zero-day vulnerability in the TrueConf Windows client (versions prior to 8.5.3.884), in which the application downloads and applies update code without performing integrity or authenticity verification (CWE-494). Exploited in Operation TrueChaos by a Chinese-nexus threat actor targeting Southeast Asian government entities. The attacker compromised an on-premises TrueConf server and replaced the legitimate client update package with a trojanized Inno Setup installer that deployed a multi-stage attack chain including DLL side-loading via poweriso.exe, UAC bypass via iscsicpl.exe, and Havoc C2 implant co

- **CVSS:** 7.8 (HIGH)
- **EPSS:** 1.5%
- **CISA KEV:** yes
- **CWE:** CWE-494
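
The missing control behind CWE-494 here is an authenticity check anchored outside the update server, so that a compromised on-premises server cannot pass off a replaced package. The Go program below is an added example, not TrueConf's code or its real update protocol: the Ed25519 scheme, the signed-message layout and the names `VerifyUpdate`, `signedMessage` and `demo` are assumptions made for illustration.

```go
package main

import (
	"crypto/ed25519"
	"crypto/sha256"
	"errors"
	"fmt"
)

// VerifyUpdate accepts pkg only if sig is the vendor's Ed25519 signature over
// version || 0x00 || SHA-256(pkg). vendorKey is pinned in the client at build
// time, so the update server cannot substitute its own key or package.
func VerifyUpdate(vendorKey ed25519.PublicKey, version string, pkg, sig []byte) error {
	if len(vendorKey) != ed25519.PublicKeySize {
		return errors.New("pinned vendor key is malformed")
	}
	if !ed25519.Verify(vendorKey, signedMessage(version, pkg), sig) {
		return errors.New("update rejected: signature does not match pinned vendor key")
	}
	return nil
}

// signedMessage binds the version label to the package digest, so a validly
// signed package cannot be offered under a different version number.
func signedMessage(version string, pkg []byte) []byte {
	digest := sha256.Sum256(pkg)
	return append(append([]byte(version), 0), digest[:]...)
}

// demo runs one genuine update and two tampered ones (all data is constructed).
func demo() (genuine, swapped, relabeled error) {
	pub, priv, _ := ed25519.GenerateKey(nil) // throwaway stand-in for the vendor key pair
	pkg := []byte("constructed bytes of a genuine client installer")
	sig := ed25519.Sign(priv, signedMessage("8.5.3.884", pkg))
	genuine = VerifyUpdate(pub, "8.5.3.884", pkg, sig)
	// The server operator swaps the package but holds no vendor private key.
	swapped = VerifyUpdate(pub, "8.5.3.884", []byte("constructed replacement installer"), sig)
	// The same signed package offered under a constructed, different version label.
	relabeled = VerifyUpdate(pub, "9.9.9.999", pkg, sig)
	return
}

func main() {
	g, s, r := demo()
	fmt.Printf("genuine: %v\nswapped: %v\nrelabeled: %v\n", g, s, r)
}
```

A checksum published by the same server that hosts the package would not help in this scenario, because whoever controls the server controls both files.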

Canonical: https://intel.threadlinqs.com/cve/CVE-2026-3502
