Telegram Telegram_desktop
9 CVEs affecting Telegram Telegram_desktop. Latest disclosed: 2026-01-16. Critical: 1, High: 4.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2018-17613 | Critical | 9.8 | 2018-09-28 | Telegram Desktop (aka tdesktop) 1.3.16 alpha, when "Use proxy" is enabled, sends credentials and application data in cleartext over the SOCKS5 protocol. |
CVE-2019-10044 | High | 8.8 | 2019-03-25 | Telegram Desktop before 1.5.12 on Windows, and the Telegram applications for Android, iOS, and Linux, is vulnerable to an IDN homograph attack when displaying… |
CVE-2020-17448 | High | 7.8 | 2020-08-11 | Telegram Desktop through 2.1.13 allows a spoofed file type to bypass the Dangerous File Type Execution protection mechanism, as demonstrated by use of the chat… |
CVE-2021-47793 | High | 7.5 | 2026-01-16 | Telegram Desktop 2.9.2 contains a denial of service vulnerability that allows attackers to crash the application by sending an oversized message payload. Attac… |
CVE-2018-17231 | High | 7.5 | 2018-09-19 | Telegram Desktop (aka tdesktop) 1.3.14 might allow attackers to cause a denial of service (assertion failure and application exit) via an "Edit color palette"… |
CVE-2020-12474 | Medium | 6.5 | 2020-05-01 | Telegram Desktop through 2.0.1, Telegram through 6.0.1 for Android, and Telegram through 6.0.1 for iOS allow an IDN Homograph attack via Punycode in a public U… |
CVE-2018-17780 | Medium | 6.5 | 2018-09-29 | Telegram Desktop (aka tdesktop) 1.3.14, and Telegram 3.3.0.0 WP8.1 on Windows, leaks end-user public and private IP addresses during a call because of an unsaf… |
CVE-2021-36769 | Medium | 5.3 | 2021-07-17 | A reordering issue exists in Telegram before 7.8.1 for Android, Telegram before 7.8.3 for iOS, and Telegram Desktop before 2.8.8. An attacker can cause the ser… |
CVE-2020-25824 | Low | 2.4 | 2020-10-14 | Telegram Desktop through 2.4.3 does not require passcode entry upon pushing the Export key within the Export Telegram Data wizard. The threat model is a victim… |