Critical Telegram Vulnerability Exposes User IP Addresses Through Proxy Links
Security researchers have identified a significant vulnerability in Telegram's Android and iOS applications that allows malicious actors to obtain users' real IP addresses through specially crafted proxy links. The exploit requires no additional user confirmation beyond clicking the link, making it particularly dangerous.
The vulnerability stems from Telegram's handling of MTProto proxy links (formatted as t.me/proxy?...). These links are designed to let users configure a proxy in the Telegram client with a single click, eliminating the need for manual data entry. When opened in Telegram, the application automatically parses the proxy parameters, including server address, port, and secret key, then prompts users to add the proxy to their settings.
The critical security flaw allows attackers to disguise malicious proxy links as legitimate usernames. For instance, a message may display what appears to be a link to @durov, while the actual URL points to an attacker-controlled proxy server. Upon interaction, the application automatically establishes a connection to the malicious server, transmitting the user's real IP address without any warning or additional consent.
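A defensive check for the mismatch described above, as an added example that is not Telegram's code or part of the original report: it flags message links whose target is a proxy link while the visible text shows something else. The (visible text, target URL) pair format, the function names and the sample values are assumptions; the server, port and secret query parameters and the tg://proxy form are the usual proxy link shapes and go slightly beyond the t.me/proxy form named on the page.

```python
from urllib.parse import urlsplit, parse_qs

def parse_proxy_link(url):
    """Return server/port/secret if url is a Telegram proxy link, else None."""
    url = url.strip()
    if "://" not in url:
        url = "https://" + url  # bare "t.me/proxy?..." form
    try:
        parts = urlsplit(url)
    except ValueError:  # malformed input, e.g. unbalanced brackets
        return None
    host = (parts.hostname or "").lower()
    web = (parts.scheme in ("http", "https") and host == "t.me"
           and parts.path.strip("/").lower() == "proxy")
    app = parts.scheme == "tg" and host == "proxy"  # tg://proxy?... deep link
    if not (web or app):
        return None
    query = parse_qs(parts.query)
    return {k: query.get(k, [""])[0] for k in ("server", "port", "secret")}

def flag_proxy_links(entities):
    """entities: (visible_text, target_url) pairs taken from one message."""
    findings = []
    for text, target in entities:
        proxy = parse_proxy_link(target)
        if proxy is None:
            continue
        # Disguised when the visible text does not show this same proxy link.
        disguised = parse_proxy_link(text) != proxy
        findings.append({"text": text, "disguised": disguised, **proxy})
    return findings

# Constructed sample entities; host and secret are placeholders.
LINK = "https://t.me/proxy?server=proxy.example.net&port=443&secret=PLACEHOLDER"
SAMPLE = [
    ("@durov", LINK),                  # username text hiding a proxy link
    ("@durov", "https://t.me/durov"),  # ordinary profile link, ignored
    (LINK, LINK),                      # proxy link shown as itself
]

if __name__ == "__main__":
    for finding in flag_proxy_links(SAMPLE):
        print(finding)
```

A gateway, bot or moderation tool can run this over the link entities of each message and warn on any finding with disguised set to True.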
This vulnerability poses significant privacy risks, particularly for users who rely on Telegram's anonymity features or operate in regions where such exposure could have serious consequences.