A recently disclosed Telegram vulnerability, tracked as ZDI-CAN-30207 with a CVSS score of 9.8, allegedly allows attackers to execute code on targeted devices without user interaction [1]. This zero-click remote code execution flaw can be exploited by sending a malicious animated sticker, making it particularly dangerous. Researcher Michael DePlante of TrendAI Zero Day disclosed the vulnerability through the Zero Day Initiative, but Telegram has denied its existence. The vulnerability is considered critical, as it would enable device takeover without any action required from the victim. If the vulnerability is indeed genuine, it would mean that attackers could exploit it before any patches are available, putting defenders at a disadvantage. This matters to security practitioners because zero-day exploitation means defenders are already behind, highlighting the need for proactive measures to mitigate potential attacks.
It’s a mystery … alleged unpatched Telegram zero-day allows device takeover, but Telegram denies
⚠️ Critical Alert
Why This Matters
Zero-day exploitation means the vulnerability is being used before patches exist — defenders are already behind.
References
- SecurityAffairs. (2026, March 30). It’s a mystery … alleged unpatched Telegram zero-day allows device takeover, but Telegram denies. SecurityAffairs. https://securityaffairs.com/190167/security/its-a-mystery-alleged-unpatched-telegram-zero-day-allows-device-takeover-but-telegram-denies.html
Original Source
SecurityAffairs