pruva-verify REPRO-2026-00218 curl -O https://pruva.dev/api/v1/reproductions/REPRO-2026-00218/artifacts/bundle/repro/reproduction_steps.sh && chmod +x reproduction_steps.sh && ./reproduction_steps.sh fast-mcp-telegram validates HTTP Bearer tokens by joining the raw token string into a session-file path without normalizing or rejecting path separators. Although the exact reserved token telegram is blocked, traversal aliases (e.g., ../fast-mcp-telegram/telegram) resolve to the same default session file and are accepted. A remote HTTP client can authenticate as the default legacy session when ~/.config/fast-mcp-telegram/telegram.session exists, enabling access to Telegram MCP tools as that account.
Variant analysis
The agent's step-by-step process — every tool call, every handoff, the moment the exploit fired. Phases: support triages the advisory · repro reproduces it · vuln_variant confirms the fix blocks it · judge verifies.
Loading session...
Scripts, logs, diffs, and output captured during the reproduction.