CVE-2026-52830 - fast-mcp-telegram: Bearer token path traversal bypasses reserved Telegram session protection
CVE ID :CVE-2026-52830 Published : July 2, 2026, 8:39 p.m. | 4 hours, 33 minutes ago Description :fast-mcp-telegram is a Telegram MCP Server. Prior to 0.19.1, fast-mcp-telegram validates HTTP Bearer tokens by joining the raw token string into a session-file path. The verifier rejects the...