Storm Brews Over Critical, No-Click Telegram Flaw

A critical zero-click vulnerability (CVE, CVSS 9.8) has been identified in Telegram that can allegedly be triggered by sending a corrupted sticker to a target user. This flaw requires no user interaction, making it particularly dangerous as attackers could achieve remote code execution simply by sending a malicious message. Telegram has publicly denied the existence of this vulnerability. Organizations using Telegram for business communications should monitor for patches, implement application sandboxing, and consider restricting Telegram use on sensitive systems until the issue is resolved. Users should ensure their applications are updated promptly when fixes become available.

The vulnerability, which is allegedly triggered by a corrupted sticker in the messaging app, received a 9.8 CVSS score, but Telegram denies it exists.

A critical zero-click vulnerability (CVE, CVSS 9.8) has been identified in Telegram that can allegedly be triggered by sending a corrupted sticker to a target user. This flaw requires no user interaction, making it particularly dangerous as attackers could achieve remote code execution simply by sending a malicious message. Telegram has publicly denied the existence of this vulnerability. Organizations using Telegram for business communications should monitor for patches, implement application sandboxing, and consider restricting Telegram use on sensitive systems until the issue is resolved. Users should ensure their applications are updated promptly when fixes become available. The vulnerability, which is allegedly triggered by a corrupted sticker in the messaging app, received a 9.8 CVSS score, but Telegram denies it exists. The vulnerability, which is allegedly triggered by a corrupted sticker in the messaging app, received a 9.8 CVSS score, but Telegram denies it exists.