CVE-2019-15514

MEDIUM

Telegram app <5.10 - Info Disclosure

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2019-15514. PoCs published by bibi1959.

AI-analyzed exploit summary This repository contains a functional Python exploit for CVE-2019-15514, which is an information disclosure vulnerability in Telegram. The exploit brute-forces phone numbers to uncover hidden user details by leveraging Telegram's contact import functionality.

Description

The Privacy > Phone Number feature in the Telegram app 5.10 for Android and iOS provides an incorrect indication that the access level is Nobody, because attackers can find these numbers via the Group Info feature, e.g., by adding a significant fraction of a region's assigned phone numbers.

Exploits (1)

nomisec WORKING POC 22 stars

by bibi1959 · poc

https://github.com/bibi1959/CVE-2019-15514

View Code ZIP pw:eip

This repository contains a functional Python exploit for CVE-2019-15514, which is an information disclosure vulnerability in Telegram. The exploit brute-forces phone numbers to uncover hidden user details by leveraging Telegram's contact import functionality.

Classification

Working Poc 95%

Attack Type

Info Leak

Complexity

Moderate

Reliability

Reliable

Target: Telegram (all versions)

Auth required

Prerequisites: Telegram API credentials (api_id, api_hash) · Victim's username or user ID · Phone number list or wordlist

MITRE ATT&CK

T1589 - Gather Victim Identity Information

devstral-2 · analyzed Feb 18, 2026 Full analysis →

References (1)

Core 1

Core References

Exploit, Third Party Advisory x_refsource_misc

https://docs.google.com/document/d/e/2PACX-1vRx2wO2kj0axlQtv2CDSjPGlRKJOHtucvpOKGFKybh2eVVGZqvt_JJv-2Q11NHn5Y4um_F4-bgA6q5v/pub

Scores

CVSS v3 5.3

EPSS 0.0333

EPSS Percentile 87.6%

Attack Vector NETWORK

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Details

Status published

Products (1)

telegram/telegram 5.10.0 (2 CPE variants)

Published Aug 23, 2019

Tracked Since Feb 18, 2026