Telegram = Pandora's box 😈
9.8 on the CVSS scale, Critical

This CVE has a very high score and it's recent. It propagates via Telegram because of the specific improper file parsing. This leads to an RCE exploit. No patch available! Anyone can be hacked.

Simply restrict your assets and use different communicators.

#no_patch
#critical_CVE
#compromised
#connected=hacked!

https://www.linkedin.com/posts/dmitriy-galasli_cybersecurity-infosec-rce-activity-7443411822818381824-FgfP?utm_source=share&utm_medium=member_ios&rcm=ACoAAA1EWg0Bu_zkYkbF2V7AK2EjSYvsnm4OSJU

#cybersecurity #infosec #rce #zeroclick #vulnerability #telegram | Dmitriy Galasli | 10 comments

This could be used to hack anyone

A critical vulnerability has been discovered in Telegram, rated 9.8 on the CVSS scale. Details are not yet disclosed, but given the near-maximum score, it could potentially be a 0-click RCE — meaning an attacker might gain access to a target device simply by sending a crafted payload through the client.

The issue was discovered by Michael DePlante, a researcher known for hunting bugs in major companies such as Apple, Adobe, and Avast. In 2024 alone, he identified 37 vulnerabilities, bringing his total to over 150. Many of his findings involve improper file parsing, which increases the likelihood of RCE in platforms like Telegram.

There is currently no patch available, and full disclosure is expected no later than 24 July 2026, once responsible disclosure timelines are met.

For now — everyone may be affected

Research: https://lnkd.in/e8zrCNZ5

#CyberSecurity #InfoSec #RCE #ZeroClick #Vulnerability #Telegram
