Adding to the "crush" narrative, Telegram’s April 2026 updates also introduced widespread stability bugs for legacy hardware. Users on older iPhones (models X, 8, and 7) reported that the app crashes instantly upon launch. While less malicious than the zero-day vulnerability, this "crush bug" effectively locked thousands of users out of their communications until a hotfix was deployed on April 9, 2026. Controversy and Mitigation

Some users report crashes when receiving formatted code blocks or certain empty special character strings.

: The app closes immediately upon opening or while switching between accounts .

In late March and early April 2026, the cybersecurity world was alerted to a critical "crush bug" or zero-day vulnerability affecting Telegram. This flaw is particularly dangerous because it is a "zero-click" exploit, meaning a user’s device can be compromised without them ever interacting with a malicious file or clicking a link. The vulnerability has sparked a significant debate between security researchers and Telegram’s development team, raising urgent questions about the safety of mobile messaging platforms. The Mechanics of the "Crush" The vulnerability, tracked as ZDI-CAN-30207 with a near-perfect CVSS severity score of , centers on how the Telegram application processes media. The Vector : Attackers deliver specially crafted animated stickers to a target. Zero-Click Execution

Understand Online Safety On Telegram | Learn More With Netsafe