PT-2026-55313 · Unknown · Fast-Mcp-Telegram

David Carliez · Published 2026-07-02 · Updated 2026-07-02 · CVE-2026-52830

CVSS v3.1: 9.4 (Critical)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L
Name of the Vulnerable Software and Affected Versions: fast-mcp-telegram versions prior to 0.19.1

Description: fast-mcp-telegram validates HTTP Bearer tokens by joining the raw token string into a session-file path. The verifier rejects the exact reserved token telegram, but it does not reject path separators or normalize the path before checking whether the session file exists. A remote HTTP client can therefore bypass the reserved session name control with a traversal token such as ../fast-mcp-telegram/telegram, which resolves to the default legacy session, provided the default session file ~/.config/fast-mcp-telegram/telegram.session exists. An unauthenticated network client can then act as the Telegram account bound to that session file: read and send messages, make MTProto API calls, and use the other tool surfaces the server exposes. The issue is in the SessionFileTokenVerifier.verify_token() function.

Recommendations: Update to version 0.19.1. As a temporary mitigation, restrict use of SessionFileTokenVerifier.verify_token(), or reject bearer tokens that contain path separators (/ or \) or traversal sequences (..) before the token reaches the path join, and resolve the joined path to confirm it still lies inside the session directory.
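The flawed check beside a hardened replacement, as an added example that is not the project's code. It reconstructs the behaviour the description gives (raw token joined into a session path, only the literal reserved name rejected) in a small stand-alone verifier; verify_token() is the method named in the advisory, while the class names, the regex, and the session-directory layout under a temporary directory are assumptions made here, and the session files are constructed for the demo.

```python
import re
import tempfile
from pathlib import Path

# Name of the default legacy session that must never be reachable via a bearer token.
RESERVED_SESSIONS = {"telegram"}

# Allow-list for token characters: '/', '\\', '.', NUL and whitespace cannot get through.
TOKEN_RE = re.compile(r"[A-Za-z0-9_-]{1,128}")


class VulnerableVerifier:
    """Reconstruction of the flawed check (assumed shape, not the project's code):
    the raw token is joined into the session path and only the literal
    reserved name is rejected."""

    def __init__(self, session_dir):
        self.session_dir = Path(session_dir)

    def verify_token(self, token):
        if token in RESERVED_SESSIONS:                 # only the exact string is blocked
            return None
        path = self.session_dir / f"{token}.session"   # separators and '..' pass straight through
        return str(path) if path.exists() else None


class HardenedVerifier:
    """Same interface with three independent controls layered on the token."""

    def __init__(self, session_dir):
        self.session_dir = Path(session_dir).resolve()

    def verify_token(self, token):
        # 1. Reject anything outside the token alphabet before it touches a path.
        if not isinstance(token, str) or not TOKEN_RE.fullmatch(token):
            return None
        # 2. Normalize and confine: the resolved file must sit directly in session_dir.
        path = (self.session_dir / f"{token}.session").resolve()
        if path.parent != self.session_dir:
            return None
        # 3. Apply the reserved-name check to the resolved file name, not the raw token.
        if path.stem in RESERVED_SESSIONS:
            return None
        return str(path) if path.is_file() else None


def demo():
    """Build a constructed ~/.config/fast-mcp-telegram layout in a temp dir and
    return which checks each verifier passes or fails."""
    with tempfile.TemporaryDirectory() as root:
        session_dir = Path(root) / ".config" / "fast-mcp-telegram"
        session_dir.mkdir(parents=True)
        (session_dir / "telegram.session").write_text("default legacy session")  # constructed
        (session_dir / "alice.session").write_text("named session")               # constructed

        traversal = "../fast-mcp-telegram/telegram"   # the token shape from the advisory
        vuln, hard = VulnerableVerifier(session_dir), HardenedVerifier(session_dir)
        return {
            "vuln_rejects_literal": vuln.verify_token("telegram") is None,
            "vuln_accepts_traversal": vuln.verify_token(traversal) is not None,
            "hard_rejects_traversal": hard.verify_token(traversal) is None,
            "hard_rejects_literal": hard.verify_token("telegram") is None,
            "hard_rejects_backslash": hard.verify_token("..\\fast-mcp-telegram\\telegram") is None,
            "hard_accepts_named": hard.verify_token("alice") is not None,
        }


if __name__ == "__main__":
    for check, ok in demo().items():
        print(f"{check:24} {'OK' if ok else 'FAIL'}")
```

The allow-list alone closes the traversal described in the advisory; the path confinement and the post-normalization reserved-name check are kept so that a future loosening of the alphabet, or a symlink placed in the session directory, does not silently reopen the same bypass.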

Fix

Path traversal

Improper Authentication


Weakness Enumeration

Related Identifiers

CVE-2026-52830
GHSA-RXW2-PC8J-VXWM

Affected Products

Fast-Mcp-Telegram