CVE-2026-52830
Status: Received - Intake

Path Traversal in fast-mcp-telegram

Vulnerability report for CVE-2026-52830, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.

Publication date: 2026-07-02

Last updated on: 2026-07-02

Assigner: GitHub, Inc.

Description

fast-mcp-telegram is a Telegram MCP Server. Prior to 0.19.1, fast-mcp-telegram validates HTTP Bearer tokens by joining the raw token string into a session-file path. The verifier rejects the exact reserved token telegram, but it does not reject path separators or normalize the path before checking whether the session file exists. A remote HTTP client can therefore authenticate as the default legacy session with a token such as ../fast-mcp-telegram/telegram when the documented default session file ~/.config/fast-mcp-telegram/telegram.session exists. This bypasses the reserved session name control that is intended to prevent HTTP multi-user sessions from colliding with the default stdio or legacy account. With account-prefixed MCP tools enabled, the attacker still sees and calls the prefixed tools for the default account, so the prefix middleware does not stop the session selection bypass. This vulnerability is fixed in 0.19.1.


Meta Information

Generated: 2026-07-03
AI Q&A: 2026-07-03
EPSS Evaluated: N/A

Affected Vendors & Products

Showing 1 associated CPE
Vendor Product Version / Range
fast-mcp-telegram fast-mcp-telegram 0.19.1

Exploitability

CWE ID Description
CWE-287 When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.
CWE-22 The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.

AI Quick Actions

Instant insights powered by AI
Executive Summary

The vulnerability exists in fast-mcp-telegram versions prior to 0.19.1, where the software validates HTTP Bearer tokens by directly joining the raw token string into a session-file path without normalizing or rejecting path separators.

Although the verifier rejects the exact reserved token "telegram", it does not reject tokens containing path traversal sequences like "../". This allows a remote HTTP client to bypass the intended session name restrictions by using a crafted token such as "../fast-mcp-telegram/telegram".

As a result, the attacker can authenticate as the default legacy session if the default session file exists, effectively bypassing controls designed to prevent multi-user session collisions with the default or legacy account.

Even with account-prefixed MCP tools enabled, the attacker can still access and invoke the prefixed tools for the default account, meaning the prefix middleware does not prevent this session selection bypass.

This vulnerability was fixed in version 0.19.1.
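The token check that the Description and the Executive Summary describe, as an added example that is not fast-mcp-telegram's own code: a lookup of the vulnerable shape beside a hardened one. The session directory, the file names and the in-memory fixture are assumptions constructed for the example, and the hardened rules are this example's design, not the project's 0.19.1 fix.

```python
import os
from typing import Optional

RESERVED_SESSION = "telegram"  # reserved session name named in the advisory
# Assumed session directory; the advisory cites ~/.config/fast-mcp-telegram.
SESSION_DIR = "/home/user/.config/fast-mcp-telegram"
DEFAULT_SESSION = os.path.join(SESSION_DIR, RESERVED_SESSION + ".session")
# Constructed fixture standing in for the filesystem: the default (legacy)
# session file and one ordinary per-user session file exist.
EXISTING_FILES = {DEFAULT_SESSION, os.path.join(SESSION_DIR, "alice.session")}


def file_exists(path: str) -> bool:
    """Stand-in for os.path.exists: the OS resolves '..' while looking the
    file up, so the check normalises the path before consulting the fixture."""
    return os.path.normpath(path) in EXISTING_FILES


def vulnerable_session_lookup(token: str) -> Optional[str]:
    """Shape of the pre-0.19.1 check as the advisory describes it: only the
    exact reserved token is refused, then the raw token is joined into a path."""
    if token == RESERVED_SESSION:
        return None
    session_path = os.path.join(SESSION_DIR, token + ".session")  # no normalisation
    return session_path if file_exists(session_path) else None


def hardened_session_lookup(token: str) -> Optional[str]:
    """Hardened form (this example's own design, not the project's fix):
    allow-list the token, re-check the reserved name, confine the resolved
    path to SESSION_DIR, and only then consult the filesystem."""
    # 1. Conservative character set: no separators, dots or control bytes.
    if not token or not all(ch.isalnum() or ch in "-_" for ch in token):
        return None
    # 2. Reserved-name control applied to the sanitised, case-folded name.
    if token.lower() == RESERVED_SESSION:
        return None
    # 3. Defence in depth: the normalised path must sit directly in SESSION_DIR.
    session_path = os.path.normpath(os.path.join(SESSION_DIR, token + ".session"))
    if os.path.dirname(session_path) != os.path.normpath(SESSION_DIR):
        return None
    return session_path if file_exists(session_path) else None


if __name__ == "__main__":
    bypass_token = "../fast-mcp-telegram/telegram"  # token quoted in the advisory
    print("vulnerable:", vulnerable_session_lookup(bypass_token))  # default session
    print("hardened:  ", hardened_session_lookup(bypass_token))    # None
```

The vulnerable lookup accepts the traversal token because the reserved-name check runs on the raw string while the existence check runs on the resolved file; the hardened one refuses it before any filesystem access.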

Impact Analysis

This vulnerability allows a remote attacker to bypass authentication controls and gain unauthorized access to the default legacy session of the fast-mcp-telegram server.

By exploiting this, the attacker can impersonate the default account and access or invoke MCP tools associated with it, potentially leading to unauthorized actions or data exposure.

Given the high CVSS score of 9.4, the impact includes high confidentiality and integrity loss, and some availability impact, meaning sensitive information could be disclosed or altered, and service functionality could be partially disrupted.

Mitigation Strategies

The vulnerability is fixed in fast-mcp-telegram version 0.19.1. Immediate mitigation involves upgrading fast-mcp-telegram to version 0.19.1 or later.
