CVE-2023-26818

MEDIUM

Telegram 9.3.1 and 9.4.0 - Unauthenticated Incorrect Authorization via DYLD_INSERT_LIBRARIES Flag

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2023-26818. PoCs published by Zeyad-Azima.

AI-analyzed exploit summary This repository contains a functional exploit for CVE-2023-26818, a macOS TCC bypass vulnerability. The exploit leverages dynamic library compilation to bypass Transparency, Consent, and Control (TCC) protections, allowing unauthorized access to camera, microphone, and location services.

Description

Telegram 9.3.1 and 9.4.0 allows attackers to access restricted files, microphone ,or video recording via the DYLD_INSERT_LIBRARIES flag.

Exploits (1)

nomisec WORKING POC 17 stars
by Zeyad-Azima · poc
https://github.com/Zeyad-Azima/CVE-2023-26818

This repository contains a functional exploit for CVE-2023-26818, a macOS TCC bypass vulnerability. The exploit leverages dynamic library compilation to bypass Transparency, Consent, and Control (TCC) protections, allowing unauthorized access to camera, microphone, and location services.

Classification
Working Poc 90%
Attack Type
Auth Bypass
Complexity
Moderate
Reliability
Reliable
Target: macOS TCC (Transparency, Consent, and Control)
No auth needed
Prerequisites: macOS system with TCC protections · ability to compile and execute dynamic libraries
devstral-2 · analyzed Feb 18, 2026 Full analysis →

References (2)

Core 2
Core References
Exploit, Technical Description, Third Party Advisory
https://danrevah.github.io/2023/05/15/CVE-2023-26818-Bypass-TCC-with-Telegram/

Scores

CVSS v3 5.5
EPSS 0.0054
EPSS Percentile 41.1%
Attack Vector LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

CISA SSVC

Vulnrichment
Exploitation poc
Automatable no
Technical Impact partial

Details

CWE
CWE-863
Status published
Products (2)
telegram/telegram 9.3.1
telegram/telegram 9.4
Published May 19, 2023
Tracked Since Feb 18, 2026