See https://www.bleepingcomputer.com/news/security/
qt5-based-gui-apps-susceptible-to-remote-code-execution/
This RCE exploit doesn't affect Telegram Desktop directly, because
Telegram Desktop uses statically linked Qt and does not load any
plugins from external shared libraries. But in any case it's better
to control how command line arguments can affect the app behaviour.
For now pass only the first command line part, the executable path.
John Preston