Vulnerability  ·  2026-07-04

fast-mcp-telegram — Bearer Token Path Traversal Bypasses Session Authentication (CVE-2026-52830)

Vulnerability · High impact · Global · CVE-2026-52830
CVE-2026-52830 (CVSS 9.4 Critical, published 2026-07-02) affects fast-mcp-telegram, a Telegram MCP Server, prior to version 0.19.1. The server validates HTTP Bearer tokens by joining the raw token string directly into a session-file path without normalising path separators. The verifier rejects the exact reserved token 'telegram' but does not reject path traversal sequences. A remote unauthenticated attacker can send a crafted token such as '../fast-mcp-telegram/telegram' that resolves to the default legacy session file (~/.config/fast-mcp-telegram/telegram.session), bypassing session isolation and authenticating as the legacy Telegram account. With account-prefixed MCP tools enabled, the attacker gains full access to all MCP tools exposed for that Telegram session.
Telegram MCP servers bridge AI agents to Telegram accounts with full message read/write permissions. Authentication bypass means an unauthenticated remote attacker can invoke all MCP tools on behalf of the victim's Telegram account — reading private messages, sending messages, accessing group chats, and exfiltrating contact data. In agentic workflows where Telegram is used for notifications, approvals, or command-and-control, this represents a complete account takeover of the AI agent's communication channel.
Unauthenticated HTTP request with a path-traversal Bearer token (e.g. '../fast-mcp-telegram/telegram') causes the server to resolve to the default session file, granting full MCP tool access over the victim's Telegram account.
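As an added, self-contained Python example that is not code from the fast-mcp-telegram project: a hypothetical session-path resolver written in the shape the advisory describes (reserved-name check, then raw token joined into a file path), placed beside a hardened resolver that allowlists the token and independently verifies the resolved file stays inside the session directory, plus a small log-review check for bearer tokens that contain path characters. Every name here (`vulnerable_session_path`, `hardened_session_path`, `is_token_accepted`, `bearer_header_is_suspicious`, the constructed directory layout under /tmp/demo-config) is an assumption for the demonstration; only the reserved token name, the legacy file name and the traversal token string come from the advisory. Nothing is written to disk.

```python
import re
from pathlib import Path

# Constructed directory layout that mirrors the advisory's description:
# per-token session files live in one directory, and the legacy
# "telegram.session" file sits in a sibling directory one level up
# (in a real install, ~/.config/fast-mcp-telegram/telegram.session).
# /tmp/demo-config is a stand-in for ~/.config; no file is ever opened.
CONFIG_ROOT = Path("/tmp/demo-config").resolve()
LEGACY_SESSION = CONFIG_ROOT / "fast-mcp-telegram" / "telegram.session"
SESSION_DIR = CONFIG_ROOT / "sessions"

RESERVED_TOKEN = "telegram"
# Allowlist: a bearer token is an opaque identifier, so only URL-safe
# characters and a bounded length are accepted. Anything else is rejected
# before the token is ever joined into a filesystem path.
TOKEN_RE = re.compile(r"[A-Za-z0-9_-]{16,128}")


def vulnerable_session_path(token: str) -> Path:
    """Hypothetical resolver in the shape the advisory describes: the literal
    reserved token is refused, but the raw token is then joined into the path
    with no normalisation, so '..' and '/' inside it are honoured."""
    if token == RESERVED_TOKEN:
        raise PermissionError("reserved token")
    return (SESSION_DIR / f"{token}.session").resolve()


def hardened_session_path(token: str) -> Path:
    """Hardened resolver: allowlist the token's characters, then verify the
    resolved file is a direct child of SESSION_DIR. The second check is
    deliberately independent of the first, so a regex mistake cannot reopen
    the traversal on its own."""
    if token == RESERVED_TOKEN or not TOKEN_RE.fullmatch(token):
        raise PermissionError("malformed or reserved token")
    candidate = (SESSION_DIR / f"{token}.session").resolve()
    if candidate.parent != SESSION_DIR or candidate.suffix != ".session":
        raise PermissionError("session path escapes the session directory")
    return candidate


def is_token_accepted(token: str) -> bool:
    """True if the hardened resolver would accept the token."""
    try:
        hardened_session_path(token)
        return True
    except PermissionError:
        return False


def bearer_header_is_suspicious(authorization_header: str) -> bool:
    """Defender-side check for access-log or reverse-proxy review: a bearer
    token containing path separators, '..', or their percent-encoded forms
    is never a legitimate token for this service and is worth alerting on."""
    scheme, _, token = authorization_header.partition(" ")
    if scheme.lower() != "bearer":
        return False
    lowered = token.lower()
    return any(m in lowered for m in ("/", "\\", "..", "%2f", "%2e", "%5c"))


if __name__ == "__main__":
    payload = "../fast-mcp-telegram/telegram"   # traversal token quoted in the advisory
    good = "k7Q2mZp9xW4cT1vB8nL3"                 # constructed well-formed token
    print("vulnerable resolver ->", vulnerable_session_path(payload))
    print("resolves to legacy file:", vulnerable_session_path(payload) == LEGACY_SESSION)
    for tok in (payload, RESERVED_TOKEN, good):
        print(f"hardened resolver accepts {tok!r}:", is_token_accepted(tok))
    print("log check flags header:", bearer_header_is_suspicious(f"Bearer {payload}"))
```

The point of the two-layer check in `hardened_session_path` is that the exact-match rejection of the reserved name, which is all the vulnerable shape has, never constrains what the token does once it is used as a path component; a character allowlist plus a post-resolution containment check closes the whole class rather than the one string.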
fast-mcp-telegram < 0.19.1
Upgrade fast-mcp-telegram to version 0.19.1 or later. GitHub advisory: https://github.com/advisories/GHSA-rxw2-pc8j-vxwm
NVD — CVE-2026-52830
GitHub Advisory GHSA-rxw2-pc8j-vxwm
GitLab Advisory Database — CVE-2026-52830
TheHackerWire — fast-mcp-telegram Critical Path Traversal Session Bypass