Black & White Path

Apr 2, 2026 · Information Security

Zero‑Click RCE in Telegram: How a Malicious Animated Sticker Can Hijack Your Phone

Security researchers uncovered a CVSS 9.8 zero‑click vulnerability in Telegram that lets attackers execute code and fully control Android and Linux devices by sending a specially crafted animated sticker, and the flaw has been patched but requires immediate user updates.