CVE-2026-7701 | Telegram Desktop up to 6.7.5 Bot API url_auth_box.cpp RequestButton login_url null pointer dereference

A vulnerability was found in Telegram Desktop up to 6.7.5. It has been classified as problematic. This vulnerability affects the function RequestButton of the file Telegram/SourceFiles/boxes/url_auth_box.cpp of the component Bot API. The manipulation of the argument login_url leads to null pointer dereference.

This vulnerability is traded as CVE-2026-7701. It is possible to initiate the attack remotely. Furthermore, there is an exploit available.

The vendor was contacted early about this disclosure but did not respond in any way.

CVE-2026-7701 | Telegram Desktop up to 6.7.5 Bot API url_auth_box.cpp RequestButton login_url null pointer dereference

Post correlati

CVE-2025-68700 | infiniflow ragflow up to 0.22.x Frontend Canvas CodeExec eval os command injection

CVE-2025-49869 | Arraytics Eventin Plugin up to 4.0.31 on WordPress deserialization

CVE-2024-39425 | Adobe Acrobat Reader toctou (apsb24-57)

CVE-2026-22481 | BD Courier Order Ratio Checker Plugin up to 2.0.1 on WordPress authorization