Critical Path-Traversal Flaw in fast-mcp-telegram Exposes Telegram Accounts to Unauthorized Access
A severe vulnerability (CVE-2026-52830, GHSA-rxw2-pc8j-vxwm) in fast-mcp-telegram a Telegram MCP server bridging accounts to AI assistants and HTTP clients allows attackers to bypass authentication and gain full access to a Telegram session by exploiting a path-traversal flaw in session file resolution.
Vulnerability Details
The flaw affects versions ≤ 0.19.0 of fast-mcp-telegram, where bearer tokens are improperly validated. Instead of treating tokens as opaque identifiers, the server constructs session file paths by directly appending the token to a directory (e.g., session_dir/{token}.session). While the code blocks reserved names like telegram, it fails to sanitize path separators (/, \, ..), enabling attackers to craft malicious tokens (e.g., ../fast-mcp-telegram/telegram) that resolve to the default telegram.session file.
This bypasses the intended high-entropy token requirement, granting unauthorized access to the default Telegram account including message read/write capabilities, MTProto API calls, and exposed tools without requiring a valid token.
Impact & Exploitation
- Authentication Bypass: Attackers can impersonate the default Telegram account by submitting a traversal sequence in the
Authorization: Bearerheader. - Privileged Access: Once authenticated, attackers gain full control over the account’s messages, API functions, and configured tools.
- Downstream Risks: Middleware tool prefixing (e.g., account-specific restrictions) fails to mitigate the issue, as the flaw occurs during session selection, not tool enforcement.
Remediation & Response
The vulnerability was reported by David Carliez and patched in version 0.19.1, which enforces stricter token validation. Recommended actions include:
- Immediate upgrades to the latest version.
- Rotation of default/legacy session files to prevent lingering exposure.
- Log audits for suspicious bearer tokens containing traversal sequences.
The flaw underscores the risks of improper path handling in authentication systems, where filesystem-dependent logic can undermine security boundaries.
Source: https://gbhackers.com/critical-fast-mcp-telegram-vulnerability/
fast-mcp-telegram TPRM report: https://www.rankiteo.com/company/gtprotocol
Telegram TPRM report: https://www.rankiteo.com/company/telegram-messenger
"id": "telgtp1783340994",
"linkid": "telegram-messenger, gtprotocol",
"type": "Vulnerability",
"date": "7/2026",
"severity": "85",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"
{'affected_entities': [{'industry': 'Technology/Telecommunications',
'name': 'fast-mcp-telegram',
'type': 'Software'}],
'attack_vector': 'Path-Traversal in Bearer Token Validation',
'data_breach': {'file_types_exposed': '.session files',
'sensitivity_of_data': 'High (account access, message '
'read/write capabilities)',
'type_of_data_compromised': 'Telegram session data (messages, '
'API calls, tools)'},
'description': 'A severe vulnerability (CVE-2026-52830, GHSA-rxw2-pc8j-vxwm) '
'in fast-mcp-telegram, a Telegram MCP server bridging accounts '
'to AI assistants and HTTP clients, allows attackers to bypass '
'authentication and gain full access to a Telegram session by '
'exploiting a path-traversal flaw in session file resolution. '
'The flaw affects versions ≤ 0.19.0, where bearer tokens are '
'improperly validated, enabling attackers to craft malicious '
'tokens (e.g., `../fast-mcp-telegram/telegram`) that resolve '
'to the default `telegram.session` file, granting unauthorized '
'access to the default Telegram account.',
'impact': {'data_compromised': 'Telegram session data (messages, MTProto API '
'calls, exposed tools)',
'operational_impact': 'Unauthorized access to Telegram accounts, '
'impersonation of default account',
'systems_affected': 'fast-mcp-telegram (versions ≤ 0.19.0)'},
'lessons_learned': 'Risks of improper path handling in authentication '
'systems, where filesystem-dependent logic can undermine '
'security boundaries.',
'post_incident_analysis': {'corrective_actions': 'Stricter token validation, '
'removal of '
'filesystem-dependent '
'session resolution logic',
'root_causes': 'Improper validation of bearer '
'tokens, path-traversal '
'vulnerability in session file '
'resolution'},
'recommendations': ['Upgrade to fast-mcp-telegram version 0.19.1 or later',
'Rotate default/legacy session files to prevent lingering '
'exposure',
'Audit logs for suspicious bearer tokens containing '
'traversal sequences'],
'references': [{'source': 'GitHub Advisory', 'url': 'GHSA-rxw2-pc8j-vxwm'}],
'response': {'containment_measures': 'Immediate upgrades to version 0.19.1',
'recovery_measures': 'Log audits for suspicious bearer tokens '
'containing traversal sequences',
'remediation_measures': 'Stricter token validation, rotation of '
'default/legacy session files'},
'title': 'Critical Path-Traversal Flaw in fast-mcp-telegram Exposes Telegram '
'Accounts to Unauthorized Access',
'type': 'Authentication Bypass',
'vulnerability_exploited': 'CVE-2026-52830 (GHSA-rxw2-pc8j-vxwm)'}