
According to Alexander Leonov, a leading expert in vulnerability management at PT Expert Security Center within Positive Technologies, leveraging this flaw requires no user interaction and presents a low level of difficulty for an attacker.
MOSCOW, March 28. /TASS/. The messaging application Telegram has been found susceptible to a critical vulnerability, rated almost at the highest danger level according to the Zero Day Initiative project database. An expert from Positive Technologies informed TASS that this security hole enables malicious actors to gain entry to user accounts and, consequently, access their correspondence.
The flaw is currently listed under the “Upcoming” section, meaning its details have not been fully disclosed yet. Researchers indicate that they engage with the affected party on the day of discovery to prompt them to begin remediation. For Telegram, the discovery date was March 26th, and the specifics might be released no sooner than July 24, 2026.
The vulnerability received a score of 9.8 out of 10 on the Common Vulnerability Scoring System. Alexander Leonov, the top vulnerability management specialist at Positive Technologies’ PT Expert Security Center, said he is certain that exploitation requires no user interaction and is simple to carry out.
“Judging by the vulnerability vector, we suspect one potential exploitation scenario involves an attacker sending a specifically crafted malicious media file to the target. Upon viewing this file—even without actively clicking on it—malicious code could be executed on the user’s device,” he told TASS.
In theory, Leonov added, exploiting this defect could grant attackers complete control over the messenger “or provide full access to the user’s account, encompassing all messages,” he hypothesized.