Crush Bug Telegram: New
: If the app won't stay open, go to your phone's system settings (App Info) and clear the Telegram cache/data to force it to reload without the malicious payload.
Unlike typical bugs, this 2026 iteration has two distinct profiles:
He discovered that the exploit used a zero-day vulnerability in Telegram's new video rendering engine. By sending a specifically crafted, highly compressed media file through the Stories feature, the sender could force a buffer overflow. This allowed them to execute remote code, bypass the app's sandbox, and access the phone's deepest, unindexed memory sectors.
Leo sat in his dim apartment, the blue glow of his monitor casting long shadows against the wall. As a freelance cybersecurity researcher, his phone was usually a fortress. But tonight, a notification from his Telegram desktop app caught his eye. A user with no profile picture named had posted a Story.
Since late March 2026, mass outages have left many users unable to send messages or load media. Critical Outages (April 10 & 13, 2026): On April 10, failure rates reached
CVE‑2026‑7701 affects . The flaw resides in the function RequestButton, located in the source file Telegram/SourceFiles/boxes/url_auth_box.cpp, which is part of the Bot API component. By manipulating the login_url argument, an attacker can trigger a null pointer dereference (CWE‑476). In plain terms, the application attempts to use a memory pointer that has not been properly initialized, leading to a crash.
   [Incoming Exploited Data / Action]
                   │
                   ▼
       [Telegram Parsing Engine]
                   │
          ┌────────┴────────┐
          ▼                 ▼
  [Memory Overflow]   [Null Pointer Dereference]
  (Bad String/Media)  (Permission Mismatch)
          │                 │
          └────────┬────────┘
                   ▼
         [Instant App Crash]

1. The Text Bomb (Buffer Overflow)
Telegram is usually quick to patch these vulnerabilities, but you can take proactive steps to stay safe:
If you are experiencing these "crush bugs," the following steps are recommended by the community and official bug trackers: Check for Official Updates:
The vulnerability debuted with a near-maximum Common Vulnerability Scoring System (CVSS) score of , signaling an extreme threat. However, the discovery quickly evolved into a standoff between the vendor and the security community: