LOW
Telegram
CVE published 2026-05-03
CVE-2026-7701
A disputed null pointer dereference vulnerability in Telegram Desktop up to version 6.7.5, affecting the RequestButton function in url_auth_box.cpp. The issue involves manipulation of the login_url argument in the Bot API component. The vendor disputes this constitutes a security vulnerability, characterizing it as a one-time crash requiring user interaction with no persistent effects. The CVE was publish [truncated]