CVE-2026-7701
LOW
2,1
Source: [email protected]
Attack Vector: network
Attack Complexity: low
Privileges Required: none
User Interaction: passive
Confidentiality: N/A
Integrity: N/A
Availability: N/A
MEDIUM
4,3
Source: [email protected]
Attack Vector: network
Attack Complexity: low
Privileges Required: none
User Interaction: required
Scope: unchanged
Confidentiality: none
Integrity: none
Availability: low
MEDIUM
5,0
Source: [email protected]
Access Vector: network
Access Complexity: low
Authentication: none
Confidentiality: none
Integrity: none
Availability: partial
Description
AI Translation Available
A security vulnerability has been detected in Telegram Desktop up to 6.7.5. This vulnerability affects the function RequestButton of the file Telegram/SourceFiles/boxes/url_auth_box.cpp of the component Bot API. The manipulation of the argument login_url leads to null pointer dereference. It is possible to initiate the attack remotely. The exploit has been disclosed publicly and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
404
Improper Resource Shutdown or Release
DraftCommon Consequences
Security Scopes Affected:
Availability
Other
Confidentiality
Potential Impacts:
Dos: Resource Consumption (Other)
Varies By Context
Read Application Data
Applicable Platforms
All platforms may be affected
476
NULL Pointer Dereference
StableCommon Consequences
Security Scopes Affected:
Availability
Integrity
Confidentiality
Potential Impacts:
Dos: Crash, Exit, Or Restart
Execute Unauthorized Code Or Commands
Read Memory
Modify Memory
Applicable Platforms
Languages:
C, C#, C++, Go, Java
https://vuldb.com/submit/804341
https://vuldb.com/vuln/360870
https://vuldb.com/vuln/360870/cti
https://www.youtube.com/watch?v=xo9Bplsy1K8