CVE-2023-26818
Published: 19 May 2023
Summary
CVE-2023-26818 is a medium-severity Incorrect Authorization (CWE-863) vulnerability in the Telegram desktop client for macOS. Its CVSS base score is 5.5 (Medium).
Operationally, it ranks in the top 9.9% of CVEs by EPSS exploit likelihood; it is not currently listed in the CISA KEV catalog; and a public proof-of-concept is referenced.
Deeper analysis
CVE-2023-26818 affects the Telegram macOS client in versions 9.3.1 and 9.4.0. The affected builds honour the DYLD_INSERT_LIBRARIES environment variable: dyld drops DYLD_* variables for restricted binaries and for binaries built with the hardened runtime (unless the app explicitly opts back in through an entitlement), but nothing in these builds stops the injection. A dynamic library loaded this way runs inside the Telegram process and inherits every grant the user has already given Telegram under macOS Transparency, Consent, and Control (TCC), so files, microphone input and camera/video capture that TCC should gate become reachable without a prompt. The issue is tracked under CWE-863 and carries a CVSS 3.1 base score of 5.5 (AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N): local attack vector, low attack complexity, low privileges required, no user interaction, high confidentiality impact and no integrity or availability impact.
An attacker who already runs code as the logged-in user launches the Telegram binary with DYLD_INSERT_LIBRARIES pointing at a dynamic library they control. dyld maps that library into the process before Telegram's own code runs, and anything it does executes with Telegram's TCC permissions: it can read protected files or capture audio and video without triggering a consent prompt. The only prerequisite is the ability to start Telegram under a controlled environment; no privileges beyond a standard user account are needed (PR:L) and the victim does not have to interact (UI:N). The practical check for an installed build is therefore whether its code signature enables the hardened runtime (and, if it does, whether it carries the entitlements that re-enable DYLD_* variables).
Public references consist primarily of a technical write-up demonstrating the TCC bypass; no official Telegram advisory or patch information is supplied in the available sources. The EPSS score has remained flat at 0.0518, with no observed increase since disclosure.
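The following is an added example, not code from Telegram or from the referenced write-up. It turns the exposure question above into a check: given the output of codesign -dvvv and codesign -d --entitlements for a binary, it decides whether dyld will honour DYLD_INSERT_LIBRARIES, using Apple's documented rules (restricted binaries ignore DYLD_*; hardened-runtime binaries ignore it unless they hold com.apple.security.cs.allow-dyld-environment-variables, and then library validation still applies unless com.apple.security.cs.disable-library-validation is held). The codesign output samples and the Example.app path are constructed for illustration, and the indented "[Key] / [Value] / [Bool]" entitlement format is assumed from newer macOS releases.

```python
"""Decide whether a macOS binary will honour DYLD_INSERT_LIBRARIES.

Added example for this page; not code from Telegram or from the referenced
write-up. Decision rules follow Apple's documented dyld behaviour:
  * restricted binaries (CS_RESTRICT flag) ignore every DYLD_* variable;
  * hardened-runtime binaries (CS_RUNTIME flag) ignore DYLD_* unless they
    hold com.apple.security.cs.allow-dyld-environment-variables, and even
    then library validation rejects libraries not signed by the same Team ID
    unless com.apple.security.cs.disable-library-validation is also held;
  * anything else loads whatever DYLD_INSERT_LIBRARIES names.
The codesign output samples below are constructed, not captured from Telegram.
"""
import re
import subprocess

CS_RESTRICT = 0x800    # printed as "restrict" in codesign's flags= field
CS_RUNTIME = 0x10000   # printed as "runtime": hardened runtime enabled

ALLOW_DYLD_ENV = "com.apple.security.cs.allow-dyld-environment-variables"
DISABLE_LIB_VALIDATION = "com.apple.security.cs.disable-library-validation"


def parse_cs_flags(codesign_dvvv: str) -> int:
    """Extract the numeric CodeDirectory flags from `codesign -dvvv` output."""
    m = re.search(r"flags=0x([0-9a-fA-F]+)", codesign_dvvv)
    if not m:
        raise ValueError("no flags= field in codesign output")
    return int(m.group(1), 16)


def entitlement_is_true(entitlements: str, key: str) -> bool:
    """True if `key` is present with a true value.

    Accepts the XML plist form (<key>k</key><true/>) and the indented text
    form ([Key] k / [Value] / [Bool] true); the latter is assumed to be what
    newer macOS releases print for `codesign -d --entitlements`.
    """
    k = re.escape(key)
    xml = re.search(k + r"</key>\s*<true/>", entitlements)
    txt = re.search(k + r"\s*\[Value\]\s*\[Bool\]\s*true", entitlements)
    return bool(xml or txt)


def dyld_insert_exposure(flags: int, entitlements: str) -> str:
    """Return 'blocked', 'same-team-only' or 'exposed'."""
    if flags & CS_RESTRICT:
        return "blocked"
    if flags & CS_RUNTIME:
        if not entitlement_is_true(entitlements, ALLOW_DYLD_ENV):
            return "blocked"
        if entitlement_is_true(entitlements, DISABLE_LIB_VALIDATION):
            return "exposed"
        return "same-team-only"
    return "exposed"


def assess(codesign_dvvv: str, entitlements: str) -> str:
    return dyld_insert_exposure(parse_cs_flags(codesign_dvvv), entitlements)


def assess_bundle(app_path: str) -> str:
    """Run codesign against a real bundle (macOS only; not used offline)."""
    dvvv = subprocess.run(["codesign", "-dvvv", app_path],
                          capture_output=True, text=True, check=True).stderr
    ents = subprocess.run(["codesign", "-d", "--entitlements", ":-", app_path],
                          capture_output=True, text=True, check=True).stdout
    return assess(dvvv, ents)


# Constructed: a build signed without the hardened runtime, the signature
# shape under which DYLD_INSERT_LIBRARIES is honoured.
SAMPLE_UNHARDENED = """Executable=/Applications/Example.app/Contents/MacOS/Example
CodeDirectory v=20400 size=1234 flags=0x0(none) hashes=30+7 location=embedded
"""
SAMPLE_UNHARDENED_ENTS = ""

# Constructed: hardened runtime on, no dyld-environment entitlement.
SAMPLE_HARDENED = """Executable=/Applications/Example.app/Contents/MacOS/Example
CodeDirectory v=20500 size=1234 flags=0x10000(runtime) hashes=30+7 location=embedded
"""
SAMPLE_HARDENED_ENTS = """<plist version="1.0"><dict>
<key>com.apple.security.device.camera</key><true/>
</dict></plist>
"""

# Constructed: hardened runtime, but opted back into DYLD_* with library
# validation disabled, which is as exposed as no hardening at all.
SAMPLE_OPTED_OUT_ENTS = """<plist version="1.0"><dict>
<key>com.apple.security.cs.allow-dyld-environment-variables</key><true/>
<key>com.apple.security.cs.disable-library-validation</key><true/>
</dict></plist>
"""

if __name__ == "__main__":
    print("unhardened:", assess(SAMPLE_UNHARDENED, SAMPLE_UNHARDENED_ENTS))
    print("hardened:  ", assess(SAMPLE_HARDENED, SAMPLE_HARDENED_ENTS))
    print("opted out: ", assess(SAMPLE_HARDENED, SAMPLE_OPTED_OUT_ENTS))
```

On a Mac, assess_bundle("/Applications/Telegram.app") runs the two codesign commands itself; elsewhere the parsing functions work on captured output. A result of "exposed" means the signature does nothing to stop a user-controlled dylib from being loaded, "same-team-only" means only libraries signed with the app's own Team ID get in, and "blocked" means dyld discards the variable.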
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2023-30610
Vulnerability details
Telegram 9.3.1 and 9.4.0 allows attackers to access restricted files, microphone, or video recording via the DYLD_INSERT_LIBRARIES flag.
- CWE(s): CWE-863 Incorrect Authorization
Related Threats
No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.
Affected Assets
- Telegram desktop client for macOS, versions 9.3.1 and 9.4.0
Mitigating Controls
Likely Mitigating Controls (AI-generated mapping)
Per-CVE control mapping has not yet run for this CVE; the list below is derived only from the weakness type (CWE-863) cited in the NVD entry, so it describes generic authorization-management controls rather than the macOS-specific cause. None of them stops a dylib injected through DYLD_INSERT_LIBRARIES from inheriting Telegram's TCC grants; that depends on the binary being signed with the hardened runtime and library validation, and on keeping untrusted code off the host in the first place.
- Periodic review and update of authorization procedures reduces incorrect authorization implementations over time.
- Supervision and review of authorization decisions identifies cases where the logic permits actions it should deny.
- Defining permitted attribute values and auditing changes to them reduces incorrect authorization caused by tampered or missing security labels.
- An explicit authorization process and usage restrictions for each remote-access type prevent incorrect authorization of remote access.
- Configuration and connection requirements for wireless access ensure that access is authorized correctly.
- Connection-authorization processes for mobile devices ensure those authorization decisions are implemented correctly.
- Monitoring account use, alerting on changes, and reviewing accounts for compliance catches and corrects incorrect authorization assignments.
- Authorization decisions for use of external systems are implemented and enforced correctly.
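The controls above are CWE-level generalities; the monitoring a practitioner would actually wire up for this CVE is a detection for a TCC-granted application being started with DYLD_INSERT_LIBRARIES (or a sibling DYLD_* variable) in its environment. The following is an added example, not a Telegram or vendor artefact. It assumes process-start telemetry has been normalised to JSON lines with the fields ts, uid, path and env (a dict), the shape one can produce from osquery's process_events joined with process_envs or from an EDR export; the event lines and the TCC_HOLDERS list are constructed for illustration.

```python
"""Flag process launches that carry DYLD_INSERT_LIBRARIES into an app that
holds TCC grants.

Added example for this page; not a Telegram or vendor artefact. Assumes
process-start telemetry normalised to JSON lines with the fields ts, uid,
path and env (a dict). The event lines and the list of TCC-holding
executables below are constructed for illustration.
"""
from __future__ import annotations
import json
from dataclasses import dataclass

# Executables known to hold camera/microphone/file TCC grants on the fleet.
# Constructed for the example; build it from an inventory of TCC.db entries.
TCC_HOLDERS = {
    "/Applications/Telegram.app/Contents/MacOS/Telegram",
    "/Applications/zoom.us.app/Contents/MacOS/zoom.us",
}

# dyld variables that change which code is mapped into the target process.
DYLD_INJECTION_VARS = ("DYLD_INSERT_LIBRARIES", "DYLD_FRAMEWORK_PATH",
                       "DYLD_LIBRARY_PATH")

# Apple-shipped library locations; an insert from here (e.g. libgmalloc)
# is usually developer diagnostics rather than an attacker's payload.
APPLE_LIB_PREFIXES = ("/usr/lib/", "/System/Library/")


@dataclass(frozen=True)
class Finding:
    ts: str
    uid: int
    path: str
    var: str
    libraries: tuple[str, ...]
    severity: str


def severity_for(path: str, libraries: tuple[str, ...]) -> str:
    """high: injection into a TCC-granted app (the CVE-2023-26818 pattern);
    low: only Apple-shipped libraries inserted; medium: anything else."""
    if path in TCC_HOLDERS:
        return "high"
    if libraries and all(lib.startswith(APPLE_LIB_PREFIXES) for lib in libraries):
        return "low"
    return "medium"


def inspect_event(event: dict) -> list[Finding]:
    """Return one Finding per injection variable present in the event."""
    env = event.get("env") or {}
    path = event.get("path", "")
    findings = []
    for var in DYLD_INJECTION_VARS:
        value = env.get(var)
        if not value:
            continue
        libs = tuple(p for p in value.split(":") if p)  # dyld uses ':' separators
        findings.append(Finding(event.get("ts", ""), int(event.get("uid", -1)),
                                path, var, libs, severity_for(path, libs)))
    return findings


def scan(jsonl: str) -> list[Finding]:
    """Scan newline-delimited JSON events; blank lines are skipped."""
    out: list[Finding] = []
    for line in jsonl.splitlines():
        if line.strip():
            out.extend(inspect_event(json.loads(line)))
    return out


# Constructed telemetry: a clean Telegram launch, a launch with a user-writable
# dylib inserted into Telegram, and a developer running their own binary under
# Apple's libgmalloc.
SAMPLE_EVENTS = """
{"ts":"2023-05-19T10:00:01Z","uid":501,"path":"/Applications/Telegram.app/Contents/MacOS/Telegram","env":{"HOME":"/Users/alice","PATH":"/usr/bin:/bin"}}
{"ts":"2023-05-19T10:02:17Z","uid":501,"path":"/Applications/Telegram.app/Contents/MacOS/Telegram","env":{"HOME":"/Users/alice","DYLD_INSERT_LIBRARIES":"/Users/alice/Library/Caches/inject.dylib"}}
{"ts":"2023-05-19T10:05:40Z","uid":501,"path":"/Users/alice/dev/build/mytool","env":{"DYLD_INSERT_LIBRARIES":"/usr/lib/libgmalloc.dylib"}}
"""

if __name__ == "__main__":
    for f in scan(SAMPLE_EVENTS):
        print(f"{f.severity:6} {f.ts} uid={f.uid} {f.var} -> {f.path} "
              f"libs={','.join(f.libraries)}")
```

Against the constructed events this yields one high-severity finding (a user-writable dylib inserted into Telegram) and one low-severity finding (libgmalloc under a developer's own tool); the clean launch produces nothing. The severity split is the point: DYLD_INSERT_LIBRARIES is legitimate developer tooling, so alerting on its mere presence drowns the signal, while its presence on a process that already holds camera, microphone or file grants is exactly the condition this CVE abuses.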