CVE-2026-7701

Medienbericht

EPSS 0.39%
Veröffentlicht 03.05.2026 15:30:12
Zuletzt bearbeitet 19.05.2026 15:16:32
Quelle cna@vuldb.com
CVE-Watchlists
Login
Unerledigt
Login

Telegram Desktop Bot API url_auth_box.cpp RequestButton null pointer dereference

A security vulnerability has been detected in Telegram Desktop up to 6.7.5. This vulnerability affects the function RequestButton of the file Telegram/SourceFiles/boxes/url_auth_box.cpp of the component Bot API. The manipulation of the argument login_url leads to null pointer dereference. It is possible to initiate the attack remotely. The exploit has been disclosed publicly and may be used. There is ongoing doubt regarding the real existence of this vulnerability. Upgrading to version 6.7.6 is able to resolve this issue. Upgrading the affected component is recommended. The vendor provides this rationale for the dispute: "[T]he described scenario does not lead to any security issue or vulnerability, and only causes a one-time crash. In the outlined scenario, the targeted user must perform an active action, which doesn't produce any consequences after the app is relaunched."

Betroffene Produkte Warnungen 0 Metriken 4 CWE 2 Referenzen 7

CNA 1 VulnDex Vulnerability Enrichment 1

Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).

HerstellerTelegram

≫

Produkt Desktop

Version 6.7.0

Status affected

Version 6.7.1

Status affected

Version 6.7.2

Status affected

Version 6.7.3

Status affected

Version 6.7.4

Status affected

Version 6.7.5

Status affected

Version 6.7.6

Status unaffected

VulnDex Vulnerability Enrichment

Diese Information steht angemeldeten Benutzern zur Verfügung.

Zu dieser CVE wurde keine Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.39%	0.31

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
cna@vuldb.com	2.1	0	0	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
cna@vuldb.com	4.3	2.8	1.4	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
cna@vuldb.com	5	10	2.9	AV:N/AC:L/Au:N/C:N/I:N/A:P

CWE-404 Improper Resource Shutdown or Release

The product does not release or incorrectly releases a resource before it is made available for re-use.

CWE-476 NULL Pointer Dereference

The product dereferences a pointer that it expects to be valid but is NULL.

https://vuldb.com/vuln/360870

https://vuldb.com/vuln/360870/cti

https://vuldb.com/submit/804341

https://www.youtube.com/watch?v=xo9Bplsy1K8

https://nvd.nist.gov/vuln/detail/CVE-2026-7701

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2026-7701

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2026-7701

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2026-7701