PT-2026-55313 · Unknown · Fast-Mcp-Telegram
David Carliez · Published 2026-07-02 · Updated 2026-07-02 · CVE-2026-52830

| CVSS v3.1 | Vector |
|---|---|
| 9.4 (Critical) | AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L |
Name of the Vulnerable Software and Affected Versions
fast-mcp-telegram versions prior to 0.19.1
Description
fast-mcp-telegram validates HTTP Bearer tokens by joining the raw token string into a session-file path. While the verifier rejects the exact reserved token `telegram`, it does not reject path separators or normalize the path before checking whether the session file exists. A remote HTTP client can therefore bypass the reserved-session-name control by presenting a traversal token such as `../fast-mcp-telegram/telegram`, which resolves to the default legacy session, provided the default session file `~/.config/fast-mcp-telegram/telegram.session` exists. An unauthenticated network client can thus access the Telegram account bound to the default session file: read and send messages, make MTProto API calls, and use the other exposed tool surfaces. The flaw lies in the `SessionFileTokenVerifier.verify_token()` function.
Recommendations
Update to version 0.19.1.
As a temporary mitigation, restrict the use of the `SessionFileTokenVerifier.verify_token()` function or implement a filter that rejects bearer tokens containing path separators such as `/` or `\` and traversal sequences such as `..`.
Fix
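The filter recommended above, as an added example that is not the project's own code: `naive_verify` reproduces the flawed pattern the description names (literal reserved-name check, raw token joined into the path), and `HardenedSessionFileTokenVerifier` is a hypothetical replacement that allowlists the token shape and confirms the normalized path stays directly inside the session directory. The directory and file names in `demo()` are constructed for the example.

```python
from pathlib import Path
import tempfile

RESERVED_SESSION_NAMES = frozenset({"telegram"})  # reserved default session, per the advisory


def naive_verify(session_dir: Path, token: str) -> bool:
    """Flawed pattern from the description: reject only the literal name, then join the raw token."""
    if token in RESERVED_SESSION_NAMES:
        return False
    return (session_dir / f"{token}.session").exists()


class HardenedSessionFileTokenVerifier:
    # Hypothetical hardened verifier (added example, not the project's code).
    def __init__(self, session_dir) -> None:
        self.session_dir = Path(session_dir).expanduser().resolve()

    @staticmethod
    def is_safe_token(token: str) -> bool:
        # Allowlist the token shape: no separators, no traversal, no dot-names, no NUL.
        if not token or token.startswith(".") or token in RESERVED_SESSION_NAMES:
            return False
        if any(ch in token for ch in "/\\\0"):
            return False
        return all(ch.isalnum() or ch in "-_" for ch in token)

    def verify_token(self, token: str):
        """Return the session file path for a valid token, else None."""
        if not self.is_safe_token(token):
            return None
        candidate = (self.session_dir / f"{token}.session").resolve()
        # Defence in depth: after normalisation the file must sit directly inside
        # session_dir and must not be the reserved session.
        if candidate.parent != self.session_dir or candidate.stem in RESERVED_SESSION_NAMES:
            return None
        return candidate if candidate.is_file() else None


def demo() -> dict:
    """Constructed session directory (not a real config) comparing both behaviours."""
    session_dir = Path(tempfile.mkdtemp()) / "fast-mcp-telegram"
    session_dir.mkdir()
    (session_dir / "telegram.session").write_bytes(b"")  # constructed default session
    (session_dir / "alice.session").write_bytes(b"")     # constructed ordinary session
    traversal = "../fast-mcp-telegram/telegram"          # token string from the advisory
    hardened = HardenedSessionFileTokenVerifier(session_dir)
    return {
        "naive_accepts_traversal": naive_verify(session_dir, traversal),
        "hardened_rejects_traversal": hardened.verify_token(traversal) is None,
        "hardened_accepts_alice": hardened.verify_token("alice") is not None,
    }
```

Running `demo()` shows the naive check accepting the traversal token while the hardened verifier rejects it and still accepts an ordinary session name.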
Path traversal
Improper Authentication
Related Identifiers
Affected Products
Fast-Mcp-Telegram