TrueConf Client is affected by a software update integrity bypass (CVE-2026-3502, CVSS 7.8, CWE-494) that allows an attacker to substitute a malicious payload during the update process, achieving arbitrary code execution in the context of the updating user. The item description references CISA KEV addition indicating active exploitation, but the structured data field lists cisa_kev as false — this conflict must be resolved by direct verification against the CISA KEV catalog at cisa.gov before determining response urgency. Disable automatic TrueConf Client updates immediately, confirm vendor-patched version and KEV status, and apply the official signed update once verified.