Telegram Desktop Bot API url_auth_box.cpp RequestButton null pointer dereference

5.3 / 10

MEDIUM

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P

Description

A security vulnerability has been detected in Telegram Desktop up to 6.7.5. This vulnerability affects the function RequestButton of the file Telegram/SourceFiles/boxes/url_auth_box.cpp of the component Bot API. The manipulation of the argument login_url leads to null pointer dereference. It is possible to initiate the attack remotely. The exploit has been disclosed publicly and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

Basic Information

ID CVE-2026-7701

Source VulDB

Published May 3, 2026 at 15:30

Affected Product

Vendor Telegram

Product Desktop

Version 6.7.0

Affected Versions Telegram Desktop 6.7.0
Telegram Desktop 6.7.1
Telegram Desktop 6.7.2
Telegram Desktop 6.7.3
Telegram Desktop 6.7.4
Telegram Desktop 6.7.5

CWE Classification

CWE-476 CWE-404

References

{
    "lastseen": "",
    "description": "A security vulnerability has been detected in Telegram Desktop up to 6.7.5. This vulnerability affects the function RequestButton of the file Telegram/SourceFiles/boxes/url_auth_box.cpp of the component Bot API. The manipulation of the argument login_url leads to null pointer dereference. It is possible to initiate the attack remotely. The exploit has been disclosed publicly and may be used. The vendor was contacted early about this disclosure but did not respond in any way.",
    "published": "2026-05-03T15:30:12.491Z",
    "modified": "2026-05-03T15:30:12.491Z",
    "type": "cve",
    "title": "Telegram Desktop Bot API url_auth_box.cpp RequestButton null pointer dereference",
    "source": "VulDB",
    "references": "https://vuldb.com/vuln/360870\nhttps://vuldb.com/vuln/360870/cti\nhttps://vuldb.com/submit/804341\nhttps://www.youtube.com/watch?v=xo9Bplsy1K8",
    "id": "CVE-2026-7701",
    "bulletinFamily": "",
    "cwe": [
        "CWE-476",
        "CWE-404"
    ],
    "cvelist": null,
    "sourceData": "Telegram Desktop 6.7.0\nTelegram Desktop 6.7.1\nTelegram Desktop 6.7.2\nTelegram Desktop 6.7.3\nTelegram Desktop 6.7.4\nTelegram Desktop 6.7.5",
    "sourceHref": "",
    "cvss": {
        "score": 5.3,
        "severity": "MEDIUM",
        "vector": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P",
        "version": "4.0"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "Desktop",
    "version": "6.7.0",
    "vendor": "Telegram",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}

Telegram Desktop Bot API url_auth_box.cpp RequestButton null pointer dereference_CVE-2026-7701