44 matches found
EUVD-2026-41438
fast-mcp-telegram is a Telegram MCP Server. Prior to 0.19.1, fast-mcp-telegram validates HTTP Bearer tokens by joining the raw token string into a session-file path. The verifier rejects the exact reserved token telegram, but it does not reject path separators or normalize the path before checkin...
GHSA-RXW2-PC8J-VXWM fast-mcp-telegram: Bearer token path traversal bypasses reserved Telegram session protection
Summary fast-mcp-telegram validates HTTP Bearer tokens by joining the raw token string into a session-file path. The verifier rejects the exact reserved token telegram, but it does not reject path separators or normalize the path before checking whether the session file exists. A remote HTTP clie...
Improper Authentication
Overview fast-mcp-telegram is a Multi-tenant Telegram gateway for AI agents — HTTP+stdio transport, 8 agent-optimized tools, MTProto User API Affected versions of this package are vulnerable to Improper Authentication via the SessionFileTokenVerifier.verifytoken process. An attacker can gain...
fast-mcp-telegram: Bearer token path traversal bypasses reserved Telegram session protection
Summary fast-mcp-telegram validates HTTP Bearer tokens by joining the raw token string into a session-file path. The verifier rejects the exact reserved token telegram, but it does not reject path separators or normalize the path before checking whether the session file exists. A remote HTTP clie...
GHSA-VC46-VW85-3WVM
creationtimestamp| type| source ---|---|--- 2026-04-14 05:17:42+00:00| seen| Telegram/EXit4BCARRaTXD4SBLqO-yd3UPNB5jBijYowsPR2aTE5HY...
MAL-2026-2118 Malicious code in hash-utils-py (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 4177b7c46ecbfa35116b35a2a491107d0514cd6551a447b7213ef6e097172939 During importing the module, the code attempts to exfiltrate sensitive Telegram's client session files. --- Category: MALICIOUS - The campaign has clearly...
Malicious code in hashtools32 (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 689514b83cd6496b0a4213d26325e73cd2c4f0e19128b969d19797bcdd4b131d During import, the package attempts to exfiltrate sensitive Telegram session files --- Category: MALICIOUS - The campaign has clearly malicious intent, like...
MAL-2026-1080 Malicious code in hashtools32 (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 689514b83cd6496b0a4213d26325e73cd2c4f0e19128b969d19797bcdd4b131d During import, the package attempts to exfiltrate sensitive Telegram session files --- Category: MALICIOUS - The campaign has clearly malicious intent, like...
Malicious code in smtmlib (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 e871336d0effe99cb62efeda3a287186e75c1bd4ca5770efd81718db8ababe4e Malicious copy of a standard library module that during class initialization downloads and executes remote code and after that attempts to cover its tracks by...
CVE-2025-10222
creationtimestamp| type| source ---|---|--- 2025-10-08 12:09:36+00:00| seen| Telegram/XF-4RgrKKfVldXNJULEUgMw60CodFE4RqOqC6guHTsufE...
CVE-2025-4663
creationtimestamp| type| source ---|---|--- 2025-07-08 18:16:34+00:00| seen| Telegram/xvJ0nm8kAySasnE4IS1nozIJK8-iqMVzd1BRmLAGEDQ-yU...
CVE-2024-2938
creationtimestamp| type| source ---|---|--- 2025-02-20 23:26:56+00:00| seen| Telegram/2shBV1KxAbgFNuLla09vy-7QSsd0tuslK717i9uBrscYJJdR...
CVE-2024-44057
creationtimestamp| type| source ---|---|--- 2024-09-15 11:45:32+00:00| seen| https://t.me/cvedetector/5692...
MAL-2024-9264 Malicious code in crustyhttp (PyPI)
Base64-encoded commands are executed from init.py, which exfiltrate Telegram session data. --- -= Per source details. Do not edit below this line.=- Source: kam193 806b071147126057a7de9b570f85f694ad06923e4d580ddd5274731b5343f556 In the invokehttp, the init.py contains obfuscated code attempting t...
CVE-2024-7110
creationtimestamp| type| source ---|---|--- 2024-08-22 19:23:00+00:00| seen| https://t.me/cvedetector/3924...
CVE-2024-39012
creationtimestamp| type| source ---|---|--- 2024-07-30 23:16:23+00:00| seen| https://t.me/cvedetector/2068...
CVE-2024-33519
creationtimestamp| type| source ---|---|--- 2024-07-24 23:20:36+00:00| seen| https://t.me/cvedetector/1599...
CVE-2019-19580
creationtimestamp| type| source ---|---|--- 2024-03-10 14:11:53+00:00| seen| https://t.me/ctinow/204258...
CVE-2023-27308
creationtimestamp| type| source ---|---|--- 2024-03-06 11:12:00+00:00| seen| https://t.me/ctinow/201205...
CVE-2024-27561
creationtimestamp| type| source ---|---|--- 2024-03-05 18:27:05+00:00| seen| https://t.me/ctinow/200545 2024-03-05 18:27:12+00:00| seen| https://t.me/ctinow/200551...