Critical Vulnerability in fast-mcp-telegram Exposes Telegram Sessions
Ask AI about this cluster
Analyzing cluster data...
Referenced clusters:
Something went wrong. Please try again.
Cluster AI
Ask questions about this threat cluster with AI-powered analysis.
Get Researcher $29.99/moArticle Content
A critical vulnerability (CVE-2026-52830) in the fast-mcp-telegram package allows attackers to access Telegram MCP sessions without a valid bearer token due to a path-traversal flaw. This flaw affects all versions up to 0.19.0, exposing sensitive session data and enabling unauthorized actions. The vulnerability was published on July 2, 2026, and has been addressed in version 0.19.1. Users of the affected package are urged to update immediately to mitigate risks. The flaw compromises the integrity of Telegram accounts, potentially leading to unauthorized access to messages and MTProto operations. The vulnerability's critical nature necessitates immediate action from developers and users alike.
Key Points: • CVE-2026-52830 allows unauthorized access to Telegram session data. • The vulnerability affects all versions of fast-mcp-telegram up to 0.19.0. • A patch has been released in version 0.19.1 to address this critical issue.