Critical fast-mcp-telegram Vulnerability Lets Attackers Access Telegram Session Without Token

A critical vulnerability in fast-mcp-telegram (CVE-2026-52830, GHSA-rxw2-pc8j-vxwm) allows attackers to access a Telegram MCP session over HTTP without a valid bearer token by abusing a path-traversal flaw in how session files are resolved on disk. This breaks the intended high-entropy token boundary and exposes the default Telegram account to full message and MTProto access. Critical […]

The post Critical fast-mcp-telegram Vulnerability Lets Attackers Access Telegram Session Without Token appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

This article has been indexed from GBHackers Security | #1 Globally Trusted Cyber Security News Platform

Read the original article: