Vulnerability  ·  2026-07-03

fast-mcp-telegram MCP Server — Path Traversal in Bearer Token Validation Enables Authentication Bypass (CVE-2026-52830)

Tags: Vulnerability · High impact · Global · CVE-2026-52830
CVE-2026-52830 (CVSS 9.4 Critical) was published to NVD on 2 July 2026. The fast-mcp-telegram Telegram MCP Server before 0.19.1 validates HTTP Bearer tokens by joining the raw token directly into a session-file filesystem path. The verifier only rejects the exact string 'telegram' as a reserved token; it does not normalise or sanitise path separators. An attacker can therefore craft a token containing directory traversal sequences to point the path check at an attacker-controlled file, bypassing authentication and gaining full access to the MCP server's capabilities.
MCP servers are privileged tool surfaces that AI agents call to take actions in external systems. Authentication bypass at the MCP transport layer allows an unauthenticated attacker to issue arbitrary tool calls as if they were a legitimately authenticated AI agent, potentially accessing Telegram accounts, exfiltrating messages, or using the MCP server as a pivot point into connected agent workflows.
An unauthenticated remote attacker supplies an HTTP Bearer token containing path separator and parent-directory sequences (e.g. '../'). Because the verifier rejects only the exact reserved token string 'telegram' and neither normalises the resulting path nor strips traversal sequences before checking it, the token can reference an arbitrary session file the attacker controls, letting them impersonate an authenticated session.
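To make the defect concrete, here is an added illustration (not the project's own code) of the unsafe pattern the advisory describes next to a hardened validator: the session directory, token format and file naming are constructed assumptions, but the two checks that matter are general: allow-list the token characters, and confirm the resolved path still lies inside the session directory before touching the filesystem.

```python
import re
from pathlib import Path
from typing import Optional

# Constructed stand-in for the server's session directory (not the real layout).
SESSION_DIR = Path("/tmp/fast-mcp-telegram-example/sessions")
RESERVED_TOKEN = "telegram"
# Hypothetical allow-list: opaque tokens never contain '/', '\\' or '.'.
TOKEN_RE = re.compile(r"^[A-Za-z0-9_-]{16,128}$")


def vulnerable_session_path(token: str) -> Path:
    """The unsafe pattern: reject only the literal reserved token, then join
    the raw token straight into the session-file path. Nothing here stops
    '..' or '/' components from moving the path elsewhere."""
    if token == RESERVED_TOKEN:
        raise PermissionError("reserved token")
    return SESSION_DIR / f"{token}.session"


def escapes_session_dir(candidate: Path) -> bool:
    """Defender check: does this path resolve outside SESSION_DIR?"""
    base = SESSION_DIR.resolve()
    try:
        candidate.resolve().relative_to(base)
        return False
    except ValueError:
        return True


def validate_bearer_token(token: str) -> Optional[Path]:
    """Hardened validator: returns the session path for an acceptable token,
    or None when the request should be answered with 401. Both the format
    allow-list and the containment check are applied; either alone is weaker
    (the allow-list is the primary control, containment is the backstop)."""
    if token == RESERVED_TOKEN or not TOKEN_RE.fullmatch(token):
        return None
    candidate = SESSION_DIR / f"{token}.session"
    if escapes_session_dir(candidate):
        return None
    return candidate.resolve()
```

`escapes_session_dir` resolves both sides so symlinked parents (e.g. `/tmp`) compare consistently; in a real server the session file must also exist and belong to the expected identity before the request is trusted.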
Affected: fast-mcp-telegram (Telegram MCP Server) < 0.19.1
Fix: Upgrade fast-mcp-telegram to version 0.19.1 or later. Primary advisory: https://github.com/advisories/GHSA-rxw2-pc8j-vxwm
Sources
NVD — CVE-2026-52830
GitHub Advisory — GHSA-rxw2-pc8j-vxwm