A critical vulnerability has been discovered in the fast-mcp-telegram package that allows attackers to bypass authentication and gain unauthorized access to Telegram session data.

Tracked as CVE-2026-52830, the flaw affects all versions up to 0.19.0 and has been fixed in version 0.19.1.

Overview

The vulnerability stems from improper validation of HTTP Bearer tokens used for authentication. Instead of treating tokens as opaque identifiers, the application directly uses them to construct file paths to Telegram session files.

This design flaw enables attackers to perform path traversal attacks, allowing access to protected session files without possessing valid credentials.

Technical Details

Fast-MCP-Telegram blocks direct access to the reserved session name:

telegram

However, the application fails to properly sanitize user-supplied input.

An attacker can provide a crafted Bearer token such as:

../fast-mcp-telegram/telegram

When resolved by the filesystem, the path points to the same protected Telegram session file that should be inaccessible.

Because the application validates only the literal string "telegram" and not the resolved path, the malicious token bypasses authentication controls entirely.

Impact

Successful exploitation allows attackers to authenticate as the default Telegram session owner and interact with Telegram through the MCP interface.

Potential attacker actions include:

  • Reading Telegram messages
  • Sending messages
  • Accessing chats and contacts
  • Invoking MTProto API functions
  • Downloading attachments
  • Performing actions using the victim's Telegram account

The vulnerability is especially dangerous when the default session file exists at:

~/.config/fast-mcp-telegram/telegram.session

In such deployments, no valid credentials are required to gain access.

Root Cause

The issue combines two common security weaknesses:

Path Traversal

The application does not block dangerous characters and sequences such as:

/
..
../
absolute paths

Weak Authentication Logic

Access control decisions are based on filesystem paths derived from user input rather than securely validated identifiers.

As a result, attackers can manipulate the filesystem path used during authentication and gain unauthorized access.

Proof of Concept

Researchers demonstrated that:

  • Valid Bearer tokens authenticate normally
  • Invalid tokens are rejected
  • Path traversal tokens successfully map to the protected default Telegram session
  • Authentication is bypassed without possessing a legitimate session token

The proof-of-concept confirmed that account-prefix restrictions do not prevent exploitation.

Mitigation

Administrators and developers should immediately upgrade to:

fast-mcp-telegram 0.19.1

Additional security recommendations include:

  • Treat Bearer tokens as opaque identifiers
  • Restrict tokens to alphanumeric characters only
  • Block path traversal sequences (../, .., /)
  • Normalize and validate all filesystem paths
  • Verify resolved paths remain inside the intended session directory
  • Reject absolute paths and special filesystem characters

Recommendations

Organizations using Fast-MCP-Telegram should:

  1. Upgrade to version 0.19.1 immediately
  2. Rotate affected Telegram sessions if compromise is suspected
  3. Review logs for suspicious authentication attempts
  4. Restrict public access to MCP HTTP endpoints
  5. Monitor Telegram account activity for unauthorized actions

Conclusion

CVE-2026-52830 demonstrates how improper input validation can completely undermine authentication mechanisms. By abusing path traversal techniques, attackers can gain unauthorized access to Telegram sessions and perform actions on behalf of victims.

Given the potential exposure of private communications and account access, affected users should prioritize patching and security reviews as soon as possible.