CVE-2026-7701 | Telegram Desktop up to 6.7.5 Bot API url_auth_box.cpp RequestButton login_url null pointer dereference

May 2, 2026 Yanac

A vulnerability was found in Telegram Desktop up to 6.7.5. It has been classified as problematic. This vulnerability affects the function RequestButton of the file Telegram/SourceFiles/boxes/url_auth_box.cpp of the component Bot API. The manipulation of the argument login_url leads to null pointer dereference.

This vulnerability is traded as CVE-2026-7701. It is possible to initiate the attack remotely. Furthermore, there is an exploit available.

The vendor was contacted early about this disclosure but did not respond in any way.VulDB Recent EntriesRead More