TrueConf Client is affected by CVE-2026-3502 (CVSS 7.5, EPSS 79th percentile), a CISA KEV-confirmed vulnerability in the software update mechanism that allows an adversary with network interception capability to substitute a malicious update payload and execute arbitrary code silently on the endpoint. The affected version range is not confirmed in available data, so all deployed TrueConf Client instances should be treated as vulnerable until the vendor narrows scope. Prioritize blocking TrueConf update traffic at the network perimeter until a vendor-verified patch is confirmed, and disable auto-update via policy as an interim control.