CVE-2021-41861

Name of the Vulnerable Software and Affected Versions Telegram versions 7.5.0 through 7.8.0

Description The issue concerns the improper implementation of the image self-destruction feature. After using the self-destruct feature several times, the UI may incorrectly indicate that an image has been deleted, when in fact the image remains present on the device in the /Storage/Emulated/0/Telegram/Telegram Image/ directory. This affects both the sender and recipient sides in private and group chats.

Recommendations For versions 7.5.0 through 7.8.0, as a temporary workaround, consider manually checking the /Storage/Emulated/0/Telegram/Telegram Image/ directory for remaining images after using the self-destruct feature. Restrict access to this directory to minimize the risk of unauthorized image access until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.