ThreatCluster

Critical Vulnerability in fast-mcp-telegram Exposes Telegram Sessions

First seen 7 Jul 2026, 03:31 UTC GbhackersCybersecuritynews 85% similarity 73

Article Content

Browse articles
ThreatCluster

A critical vulnerability (CVE-2026-52830) in the fast-mcp-telegram package allows attackers to access Telegram MCP sessions without a valid bearer token due to a path-traversal flaw. This flaw affects all versions up to 0.19.0, exposing sensitive session data and enabling unauthorized actions. The vulnerability was published on July 2, 2026, and has been addressed in version 0.19.1. Users of the affected package are urged to update immediately to mitigate risks. The flaw compromises the integrity of Telegram accounts, potentially leading to unauthorized access to messages and MTProto operations. The vulnerability's critical nature necessitates immediate action from developers and users alike.

Key Points: • CVE-2026-52830 allows unauthorized access to Telegram session data. • The vulnerability affects all versions of fast-mcp-telegram up to 0.19.0. • A patch has been released in version 0.19.1 to address this critical issue.

ThreatCluster AI

Timeline

2026-07-02
CVE-2026-52830 published
A critical vulnerability in fast-mcp-telegram was disclosed, allowing unauthorized access to Telegram sessions.
Gbhackers
2026-07-06
Vulnerability details reported
Gbhackers reported on the critical flaw, emphasizing its ability to bypass bearer token validation.
Gbhackers
2026-07-07
Patch released
Version 0.19.1 of fast-mcp-telegram has been released to fix the critical vulnerability.
Cybersecuritynews

Community

Browse all →