Verified fast-mcp-telegram <=0.19.0 allows bearer token path traversal to authenticate as the default telegram.session, bypassing reserved session name protections and enabling unauthorized access to Telegram MCP tools.
REPRO-2026-00218 · fast-mcp-telegram (pip) · Path Traversal · Jul 3, 2026
Severity CRITICAL
Confidence HIGH
Reproduced in 17m 51s
Tool calls 186
Spend $2.27
Affected <= 0.19.0
Fixed in 0.19.1
$ pruva-verify REPRO-2026-00218
or curl -O https://pruva.dev/api/v1/reproductions/REPRO-2026-00218/artifacts/bundle/repro/reproduction_steps.sh && chmod +x reproduction_steps.sh && ./reproduction_steps.sh
Run in a VM or disposable container. This exploits a real vulnerability.
02 · The vulnerability

fast-mcp-telegram validates HTTP Bearer tokens by joining the raw token string into a session-file path without normalizing the result or rejecting path separators. The reserved-name check compares the token only against the exact string telegram, so traversal aliases such as ../fast-mcp-telegram/telegram (the variant run also exercised a ./ prefix) pass that check yet resolve to the same default session file and are accepted. A remote HTTP client presenting such a token is authenticated as the default legacy session whenever ~/.config/fast-mcp-telegram/telegram.session exists, and can then invoke the Telegram MCP tools as that account.
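The following is an added example, not fast-mcp-telegram's own code: it models the flaw described above (an exact-match reserved-name check followed by a raw join into a session filename) beside a hardened resolver. The function names, the constructed base directory /fakehome/.config/fast-mcp-telegram, the token allowlist and the SessionTokenError class are assumptions chosen for illustration; nothing is read from or written to disk.

```python
"""Illustrative model of the bearer-token to session-file mapping flaw.

Added example, not the project's code. BASE, RESERVED, TOKEN_RE and the
function names are assumptions modelled on the advisory's description of
~/.config/fast-mcp-telegram/telegram.session.
"""
import os
import re
from pathlib import Path

# Constructed base directory; paths are normalised lexically, never opened.
BASE = Path("/fakehome/.config/fast-mcp-telegram")
RESERVED = {"telegram"}                       # legacy default session (assumed name)
TOKEN_RE = re.compile(r"[A-Za-z0-9_-]{1,128}")  # assumed allowlist for real tokens


class SessionTokenError(ValueError):
    """Raised when a bearer token must not be mapped to a session file."""


def vulnerable_session_path(base: Path, token: str) -> Path:
    """Models the flawed check: only the literal reserved name is refused,
    then the raw token is joined into the filename. Any alias containing
    separators or '..' skips the exact-match check yet collapses onto the
    reserved file once the path is normalised (as the OS does at open time)."""
    if token in RESERVED:
        raise SessionTokenError("reserved session name")
    return Path(os.path.normpath(base / f"{token}.session"))


def hardened_session_path(base: Path, token: str) -> Path:
    """Allowlists the token before it touches a path, then checks that the
    normalised result is a direct child of base and that its stem is not the
    reserved session, so a relaxed allowlist alone cannot reopen the bypass."""
    if not TOKEN_RE.fullmatch(token):
        raise SessionTokenError("token contains characters outside the allowlist")
    base_norm = Path(os.path.normpath(base))
    candidate = Path(os.path.normpath(base_norm / f"{token}.session"))
    if candidate.parent != base_norm:          # escaped the session directory
        raise SessionTokenError("session path escapes the session directory")
    if candidate.stem in RESERVED:             # alias of the default session
        raise SessionTokenError("reserved session name")
    return candidate


def probe(base: Path, tokens):
    """Run both resolvers over a list of tokens. Returns {token: (vuln, fixed)}
    where each entry is the resolved path as a string or a 'refused: ...' note."""
    out = {}
    for tok in tokens:
        row = []
        for resolver in (vulnerable_session_path, hardened_session_path):
            try:
                row.append(str(resolver(base, tok)))
            except SessionTokenError as exc:
                row.append(f"refused: {exc}")
        out[tok] = tuple(row)
    return out


if __name__ == "__main__":
    # Constructed probe set: a legitimate token, the literal reserved name,
    # and the traversal / dot-slash aliases the reproduction artifacts exercise.
    probes = ["a1b2c3d4", "telegram", "../fast-mcp-telegram/telegram", "./telegram"]
    for tok, (vuln, fixed) in probe(BASE, probes).items():
        print(f"{tok!r:34} vulnerable -> {vuln}")
        print(f"{'':34} hardened   -> {fixed}")
```

The example normalises lexically with os.path.normpath so it runs without the files existing; on a live server the hardened check should use os.path.realpath (or Path.resolve) on both the base directory and the candidate, so that symlinks are followed before the parent comparison is made.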

03 · Root cause
Variant analysis
04 · Reproduction transcript

The agent's step-by-step process — every tool call, every handoff, the moment the exploit fired. Phases: support triages the advisory · repro reproduces it · vuln_variant confirms the fix blocks it · judge verifies.


05 · Artifacts

Scripts, logs, diffs, and output captured during the reproduction.

bundle/ticket.md  3.1 KB
bundle/ticket.json  4.2 KB
bundle/repro/artifacts/http_vuln_reserved.txt  0.3 KB
bundle/repro/artifacts/http_vuln_traversal.txt  12.6 KB
bundle/repro/artifacts/http_vuln_noauth.txt  0.3 KB
bundle/repro/artifacts/http_fixed_traversal.txt  0.3 KB
bundle/repro/fakehome/.config/fast-mcp-telegram/telegram.session  0.0 KB
bundle/repro/runtime_manifest.json  0.7 KB
bundle/repro/validation_verdict.json  0.7 KB
bundle/logs/pip_0.19.0.log  58.9 KB
bundle/logs/pip_0.19.1.log  56.4 KB
bundle/logs/server_vuln.log  1.8 KB
bundle/logs/server_fixed.log  1.7 KB
bundle/logs/reproduction_steps.log  49.1 KB
bundle/logs/reproduction_steps_run2.log  49.1 KB
bundle/logs/variant_reproduction_steps_run1.log  13.2 KB
bundle/logs/server_vuln_variant.log  2.1 KB
bundle/logs/server_fixed_variant.log  2.3 KB
bundle/logs/variant_reproduction_steps_run2.log  13.2 KB
bundle/vuln_variant/fakehome/.config/fast-mcp-telegram/telegram.session  0.0 KB
bundle/vuln_variant/artifacts/http_vuln_reserved.txt  0.3 KB
bundle/vuln_variant/artifacts/http_vuln_dot_slash.txt  12.6 KB
bundle/vuln_variant/artifacts/http_vuln_original.txt  12.6 KB
bundle/vuln_variant/artifacts/http_vuln_invalid.txt  0.3 KB
bundle/vuln_variant/artifacts/http_vuln_url_dot_slash.txt  0.1 KB
bundle/vuln_variant/artifacts/http_fixed_dot_slash.txt  0.3 KB
bundle/vuln_variant/artifacts/http_fixed_original.txt  0.3 KB
bundle/vuln_variant/artifacts/http_fixed_url_dot_slash.txt  0.1 KB
bundle/vuln_variant/runtime_manifest.json  1.1 KB
bundle/vuln_variant/patch_analysis.md  5.4 KB
bundle/vuln_variant/variant_manifest.json  3.2 KB
bundle/vuln_variant/validation_verdict.json  1.1 KB
bundle/vuln_variant/source_identity.json  0.8 KB
bundle/vuln_variant/root_cause_equivalence.json  1.5 KB
bundle/repro/reproduction_steps.sh  7.2 KB
bundle/repro/rca_report.md  7.6 KB
bundle/vuln_variant/reproduction_steps.sh  9.0 KB
bundle/vuln_variant/rca_report.md  11.0 KB