Telegram Desktop Null Pointer Dereference Vulnerability in Bot API Component

Vulnerability

A null pointer dereference vulnerability has been identified in Telegram Desktop versions prior to 6.7.5. This issue arises in the Bot API component, specifically within the RequestButton function of the url_auth_box.cpp file. The vulnerability can be exploited remotely by manipulating the login_url argument.

Impact

Exploitation of this vulnerability leads to a null pointer dereference, which can cause a denial-of-service condition by crashing the application.

Added: May 3, 2026, 4:18 PM

Updated: May 3, 2026, 4:18 PM

Vulnerability Rating

Custom Algorithm

spread

7.8

impact

0.6

exploitability

6.0

remediation

0.0

relevance

7.3

threat

6.4

urgency

2.9

incentive

0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

7.8

impact

0.6

exploitability

6.0

remediation

0.0

relevance

7.3

threat

6.4

urgency

2.9

incentive

0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Telegram Desktop Null Pointer Dereference Vulnerability in Bot API Component

Vulnerability

Impact

Affected Products

Telegram Desktop

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating