Telegram declined to fix a scenario in which the flaw can be exploited, spurring a Trustwave researcher to decline a bug bounty and to disclose his findings instead.
Threatpost