fast-mcp-telegram and Telegram: Critical fast-mcp-telegram Vulnerability Lets Attackers Access Telegram Session Without Token

fast-mcp-telegram and Telegram: Critical fast-mcp-telegram Vulnerability Lets Attackers Access Telegram Session Without Token

Critical Path-Traversal Flaw in fast-mcp-telegram Exposes Telegram Accounts to Unauthorized Access

A severe vulnerability (CVE-2026-52830, GHSA-rxw2-pc8j-vxwm) in fast-mcp-telegram a Telegram MCP server bridging accounts to AI assistants and HTTP clients allows attackers to bypass authentication and gain full access to a Telegram session by exploiting a path-traversal flaw in session file resolution.

Vulnerability Details

The flaw affects versions ≤ 0.19.0 of fast-mcp-telegram, where bearer tokens are improperly validated. Instead of treating tokens as opaque identifiers, the server constructs session file paths by directly appending the token to a directory (e.g., session_dir/{token}.session). While the code blocks reserved names like telegram, it fails to sanitize path separators (/, \, ..), enabling attackers to craft malicious tokens (e.g., ../fast-mcp-telegram/telegram) that resolve to the default telegram.session file.

This bypasses the intended high-entropy token requirement, granting unauthorized access to the default Telegram account including message read/write capabilities, MTProto API calls, and exposed tools without requiring a valid token.

Impact & Exploitation

  • Authentication Bypass: Attackers can impersonate the default Telegram account by submitting a traversal sequence in the Authorization: Bearer header.
  • Privileged Access: Once authenticated, attackers gain full control over the account’s messages, API functions, and configured tools.
  • Downstream Risks: Middleware tool prefixing (e.g., account-specific restrictions) fails to mitigate the issue, as the flaw occurs during session selection, not tool enforcement.

Remediation & Response

The vulnerability was reported by David Carliez and patched in version 0.19.1, which enforces stricter token validation. Recommended actions include:

  • Immediate upgrades to the latest version.
  • Rotation of default/legacy session files to prevent lingering exposure.
  • Log audits for suspicious bearer tokens containing traversal sequences.

The flaw underscores the risks of improper path handling in authentication systems, where filesystem-dependent logic can undermine security boundaries.

Source: https://gbhackers.com/critical-fast-mcp-telegram-vulnerability/

fast-mcp-telegram TPRM report: https://www.rankiteo.com/company/gtprotocol

Telegram TPRM report: https://www.rankiteo.com/company/telegram-messenger

"id": "telgtp1783340994",
"linkid": "telegram-messenger, gtprotocol",
"type": "Vulnerability",
"date": "7/2026",
"severity": "85",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"
{'affected_entities': [{'industry': 'Technology/Telecommunications',
                        'name': 'fast-mcp-telegram',
                        'type': 'Software'}],
 'attack_vector': 'Path-Traversal in Bearer Token Validation',
 'data_breach': {'file_types_exposed': '.session files',
                 'sensitivity_of_data': 'High (account access, message '
                                        'read/write capabilities)',
                 'type_of_data_compromised': 'Telegram session data (messages, '
                                             'API calls, tools)'},
 'description': 'A severe vulnerability (CVE-2026-52830, GHSA-rxw2-pc8j-vxwm) '
                'in fast-mcp-telegram, a Telegram MCP server bridging accounts '
                'to AI assistants and HTTP clients, allows attackers to bypass '
                'authentication and gain full access to a Telegram session by '
                'exploiting a path-traversal flaw in session file resolution. '
                'The flaw affects versions ≤ 0.19.0, where bearer tokens are '
                'improperly validated, enabling attackers to craft malicious '
                'tokens (e.g., `../fast-mcp-telegram/telegram`) that resolve '
                'to the default `telegram.session` file, granting unauthorized '
                'access to the default Telegram account.',
 'impact': {'data_compromised': 'Telegram session data (messages, MTProto API '
                                'calls, exposed tools)',
            'operational_impact': 'Unauthorized access to Telegram accounts, '
                                  'impersonation of default account',
            'systems_affected': 'fast-mcp-telegram (versions ≤ 0.19.0)'},
 'lessons_learned': 'Risks of improper path handling in authentication '
                    'systems, where filesystem-dependent logic can undermine '
                    'security boundaries.',
 'post_incident_analysis': {'corrective_actions': 'Stricter token validation, '
                                                  'removal of '
                                                  'filesystem-dependent '
                                                  'session resolution logic',
                            'root_causes': 'Improper validation of bearer '
                                           'tokens, path-traversal '
                                           'vulnerability in session file '
                                           'resolution'},
 'recommendations': ['Upgrade to fast-mcp-telegram version 0.19.1 or later',
                     'Rotate default/legacy session files to prevent lingering '
                     'exposure',
                     'Audit logs for suspicious bearer tokens containing '
                     'traversal sequences'],
 'references': [{'source': 'GitHub Advisory', 'url': 'GHSA-rxw2-pc8j-vxwm'}],
 'response': {'containment_measures': 'Immediate upgrades to version 0.19.1',
              'recovery_measures': 'Log audits for suspicious bearer tokens '
                                   'containing traversal sequences',
              'remediation_measures': 'Stricter token validation, rotation of '
                                      'default/legacy session files'},
 'title': 'Critical Path-Traversal Flaw in fast-mcp-telegram Exposes Telegram '
          'Accounts to Unauthorized Access',
 'type': 'Authentication Bypass',
 'vulnerability_exploited': 'CVE-2026-52830 (GHSA-rxw2-pc8j-vxwm)'}
Great! Next, complete checkout for full access to Rankiteo Blog.
Welcome back! You've successfully signed in.
You've successfully subscribed to Rankiteo Blog.
Success! Your account is fully activated, you now have access to all content.
Success! Your billing info has been updated.
Your billing was not updated.