CVE-2020-10570

MEDIUM

Telegram < 5.12.0 - Unauthenticated Message Access Bypass via Show Popup Feature

Title source: llm
STIX 2.1

Description

The Telegram application through 5.12 for Android, when Show Popup is enabled, might allow physically proximate attackers to bypass intended restrictions on message reading and message replying. This might be interpreted as a bypass of the passcode feature.

References (1)

Core 1

Scores

CVSS v3 6.1
EPSS 0.0039
EPSS Percentile 30.8%
Attack Vector PHYSICAL
CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

Details

Status published
Products (1)
telegram/telegram < 5.12.0
Published Mar 24, 2020
Tracked Since Feb 18, 2026