Critical Telegram Vulnerability Exposes User IP Addresses Through Proxy Links

15.01.2026
Critical Telegram Vulnerability Exposes User IP Addresses Through Proxy Links

Security researchers have identified a significant vulnerability in Telegram's Android and iOS applications that allows malicious actors to obtain users' real IP addresses through specially crafted proxy links. The exploit requires no additional user confirmation beyond clicking the link, making it particularly dangerous.

The vulnerability stems from Telegram's handling of MTProto proxy links (formatted as t.me/proxy?...). These links are designed to enable quick proxy configuration within the Telegram client by simply clicking, eliminating the need for manual data entry. When opened in Telegram, the application automatically parses proxy parameters including server address, port, and secret key, then prompts users to add the proxy to their settings.

The critical security flaw allows attackers to disguise malicious proxy links as legitimate usernames. For instance, a message may display what appears to be a link to @durov, while the actual URL redirects to an attacker-controlled proxy server. Upon interaction, the application establishes an automatic connection to the malicious server, inadvertently transmitting the user's real IP address without any warning or additional consent.

This vulnerability poses significant privacy risks, particularly for users who rely on Telegram's anonymity features or operate in regions where such exposure could have serious consequences.

Source: https://xakep.ru/2026/01/14/telegram-ip/

Tags: privacy Telegram proxy vulnerability IP leak
Share: VK Telegram Twitter
🔔 Stay tuned and subscribe →
Telegram
Previous Next
105 views
1 searches

Related news

DHS Issues Hundreds of Subpoenas to Unmask Anonymous Anti-ICE Social Media Accounts
DHS Issues Hundreds of Subpoenas to Unmask Anonymous Anti-ICE Social Media Accounts

14.02.2026

Amazon's Ring Terminates Partnership with Flock Safety Amid Surveillance Concerns
Amazon's Ring Terminates Partnership with Flock Safety Amid Surveillance Concerns

13.02.2026

Meta Reportedly Planning Facial Recognition Integration for Ray-Ban Smart Glasses in 2025
Meta Reportedly Planning Facial Recognition Integration for Ray-Ban Smart Glasses in 2025

13.02.2026

Microsoft Patches Critical Zero-Day Vulnerabilities Under Active Exploitation in Windows and Office
Microsoft Patches Critical Zero-Day Vulnerabilities Under Active Exploitation in Windows and Office

11.02.2026

Try these AI tools

ADHDtest.ai
ADHDtest.ai

Experience AI-driven ADHD testing with personalized insights and comprehensive reports.

2
SmutGPT
SmutGPT

SmutGPT.ai: uncensored, customizable adult AI for erotic stories with privacy and flexible plans.

8
Documind
Documind

Transform PDF interactions with Documind’s GPT-4 Turbo-powered chat interface. Easy upload, query, a...

3
Popular today
  1. 1
    OpenAI Introduces Frontier: Enterprise-Grade AI Agent Management Platform 395 views
  2. 2
    Employee Tender Offers: How Secondary Sales Evolved from Founder Windfalls to St... 155 views
  3. 3
    Critical Data Breach: Openclaw Bot Exposes User Credentials Through Unprotected... 149 views
  4. 4
    OpenAI Dissolves Mission Alignment Team Amid Organizational Restructuring 142 views
  5. 5
    Arcee AI Launches 400B-Parameter Open Source LLM Trinity to Challenge Meta's Lla... 128 views
More from category "Cybersecurity"
Our projects
FontDetector Pro
FontDetector Pro
FontDetector Pro is a handy tool for finding, comp...
N8N Master
N8N Master
Supercharge Your n8n Experience with n8n Master –...
Back to news