CVE-2020-10570
Description
The Telegram application through 5.12 for Android, when Show Popup is enabled, might allow physically proximate attackers to bypass intended restrictions on message reading and message replying. This might be interpreted as a bypass of the passcode feature.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Telegram for Android 5.12 and earlier with Show Popup enabled allows physically proximate attackers to bypass the passcode and read/reply to messages.
Vulnerability
The Telegram application for Android, versions through 5.12, contains a vulnerability when the "Show Popup" feature is enabled. In this configuration, a physically proximate attacker can bypass intended restrictions on message reading and message replying, effectively circumventing the passcode lock [1].
Exploitation
An attacker needs physical proximity to the device while a message popup is displayed. The attacker can interact with the popup to read and reply to messages without entering the passcode.
Impact
Successful exploitation allows the attacker to read and reply to messages, compromising the confidentiality and integrity of communications. The passcode feature, intended to secure the app, is bypassed.
Mitigation
Users should disable the "Show Popup" feature in Telegram settings, or update to a version newer than 5.12 if a fix is available. According to the CVE, the issue affects through 5.12; later versions may have addressed this.
AI Insight generated on May 27, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
2- Telegram/applicationdescription
- Range: <=5.12
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
1- github.com/VijayT007/Vulnerability-Database/blob/master/Telegram:CVE-2020-10570mitrex_refsource_MISC
News mentions
0No linked articles in our index yet.