CISA adds actively exploited TrueConf flaw to KEV and gives agencies until April 16 to patch

CISA has added CVE-2026-3502, a TrueConf Client vulnerability, to its Known Exploited Vulnerabilities catalog after confirming active exploitation. The agency says federal civilian agencies must apply mitigations by April 16, 2026, or stop using the product if fixes are unavailable. The flaw affects the TrueConf Client update process. NVD describes it as a download-of-code-without-integrity-check issue, […] The post CISA adds actively exploited TrueConf flaw to KEV and gives agencies until April 16 to patch appeared first on VPN Central.