Product
telegram
37 known vulnerabilities across versions
Vulnerabilities are listed by affected version. Select any CVE for the full briefing and its intelligence graph.
CVE-2021-47793
CVE-2024-7014
CVE-2023-34658
CVE-2023-26818
CVE-2022-43363
CVE-2021-41861
CVE-2021-40532
CVE-2021-37596
CVE-2021-36769
CVE-2021-31323
CVE-2021-31322
CVE-2021-31321
CVE-2021-31320
CVE-2021-31319
CVE-2021-31318
CVE-2021-31317
CVE-2021-31315
CVE-2021-30496
CVE-2021-27351
CVE-2021-27205
CVE-2021-27204
CVE-2020-25824
CVE-2020-17448
CVE-2020-12474
CVE-2020-10570
CVE-2019-16248
CVE-2019-15514
CVE-2019-10044
CVE-2018-3986
CVE-2018-20436
CVE-2018-15543
CVE-2018-15542
CVE-2018-17780
CVE-2018-17613
CVE-2018-17231
CVE-2017-17715
CVE-2014-8688
all versions
Telegram Desktop 2.9.2 contains a denial of service vulnerability that allows attackers to crash the application by sending an ove
< 10.14.5
EvilVideo vulnerability allows sending malicious apps disguised as videos in Telegram for Android application affecting versions
all versions
Telegram v9.6.3 on iOS allows attackers to hide critical information on the User Interface via calling the function SFSafariViewCo
all versions
Telegram 9.3.1 and 9.4.0 allows attackers to access restricted files, microphone ,or video recording via the DYLD_INSERT_LIBRARIES
all versions
Telegram Web 15.3.1 allows XSS via a certain payload derived from a Target Corporation website. NOTE: some third parties have been
>= 7.5.0 and <= 7.8.0
The Telegram application 7.5.0 through 7.8.0 for Android does not properly implement image self-destruction, a different vulnerabi
< 0.7.2
Telegram Web K Alpha before 0.7.2 mishandles the characters in a document extension.
all versions
Telegram Web K Alpha 0.6.1 allows XSS via a document name.
< 7.8.1
A reordering issue exists in Telegram before 7.8.1 for Android, Telegram before 7.8.3 for iOS, and Telegram Desktop before 2.8.8.
< 7.1.0
Telegram Android <7.1.0 (2090), Telegram iOS <7.1, and Telegram macOS <7.1 are affected by a Heap Buffer Overflow in the LottiePar
< 7.1.0
Telegram Android <7.1.0 (2090), Telegram iOS <7.1, and Telegram macOS <7.1 are affected by a Heap Buffer Overflow in the LOTGradie
< 7.1.0
Telegram Android <7.1.0 (2090), Telegram iOS <7.1, and Telegram macOS <7.1 are affected by a Stack Based Overflow in the gray_spli
< 7.1.0
Telegram Android <7.1.0 (2090), Telegram iOS <7.1, and Telegram macOS <7.1 are affected by a Heap Buffer Overflow in the VGradient
< 7.1.0
Telegram Android <7.1.0 (2090), Telegram iOS <7.1, and Telegram macOS <7.1 are affected by an Integer Overflow in the LOTGradient:
< 7.1.0
Telegram Android <7.1.0 (2090), Telegram iOS <7.1, and Telegram macOS <7.1 are affected by a Type Confusion in the LOTCompLayerIte
< 7.1.0
Telegram Android <7.1.0 (2090), Telegram iOS <7.1, and Telegram macOS <7.1 are affected by a Type Confusion in the VDasher constru
< 7.1.0
Telegram Android <7.1.0 (2090), Telegram iOS <7.1, and Telegram macOS <7.1 are affected by a Stack Based Overflow in the blit func
all versions
The Telegram app 7.6.2 for iOS allows remote authenticated users to cause a denial of service (application crash) if the victim pa
<= 7.2.1
The Terminate Session feature in the Telegram application through 7.2.1 for Android, and through 2.4.7 for Windows and UNIX, fails
< 7.4.0
Telegram before 7.4 (212543) Stable on macOS stores the local copy of self-destructed messages in a sandbox path, leading to sensi
< 7.4.0
Telegram before 7.4 (212543) Stable on macOS stores the local passcode in cleartext, leading to information disclosure.
<= 2.4.3
Telegram Desktop through 2.4.3 does not require passcode entry upon pushing the Export key within the Export Telegram Data wizard.
<= 2.1.13
Telegram Desktop through 2.1.13 allows a spoofed file type to bypass the Dangerous File Type Execution protection mechanism, as de
<= 6.0.1
Telegram Desktop through 2.0.1, Telegram through 6.0.1 for Android, and Telegram through 6.0.1 for iOS allow an IDN Homograph atta
<= 5.12.0
The Telegram application through 5.12 for Android, when Show Popup is enabled, might allow physically proximate attackers to bypas
< 5.11.0
The "delete for" feature in Telegram before 5.11 on Android does not delete shared media files from the Telegram Images directory.
all versions
The Privacy > Phone Number feature in the Telegram app 5.10 for Android and iOS provides an incorrect indication that the access l
all versions
Telegram Desktop before 1.5.12 on Windows, and the Telegram applications for Android, iOS, and Linux, is vulnerable to an IDN homo
all versions
An exploitable information disclosure vulnerability exists in the "Secret Chats" functionality of the Telegram Android messaging a
all versions
The "secret chat" feature in Telegram 4.9.1 for Android has a "side channel" in which Telegram servers send GET requests for URLs
all versions
An issue was discovered in the org.telegram.messenger application 4.8.11 for Android. The FingerprintManager class for Biometric v
all versions
An issue was discovered in the org.telegram.messenger application 4.8.11 for Android. The Passcode feature allows authentication b
all versions
Telegram Desktop (aka tdesktop) 1.3.14, and Telegram 3.3.0.0 WP8.1 on Windows, leaks end-user public and private IP addresses duri
all versions
Telegram Desktop (aka tdesktop) 1.3.16 alpha, when "Use proxy" is enabled, sends credentials and application data in cleartext ove
all versions
Telegram Desktop (aka tdesktop) 1.3.14 might allow attackers to cause a denial of service (assertion failure and application exit)
< 2017-12-08
The saveFile method in MediaController.java in the Telegram Messenger application before 2017-12-08 for Android allows directory t
all versions
An issue was discovered in Telegram Messenger 2.6 for iOS and 1.8.2 for Android. Secret chat messages are available in cleartext i