Rankiteo Logo
Rankiteo
Leader in Cyber Underwriting
Loading...
NEWRankiteo Cyber Underwriting Desktop - Score, price, and bind from your desktop
WindowsmacOSLinux
Download
GT Protocol

GT Protocol Vendor Cyber Rating & Cyber Score

gt-protocol.io

GT Protocol is building agentic crypto trading — where AI agents help users build, backtest, automate, and execute crypto trading strategies across supported CEX and DEX markets. Through GT APP and Telegram AI Trading Agent, users can create AI-powered strategies, run backtests on historical market data, practice with Demo Trading, copy strategies, and execute trading actions on Binance and Hyperliquid. The goal is to make crypto trading more automated, strategy-driven, and accessible through AI agents that support users across the full trading workflow. The GT Protocol ecosystem includes GT APP, Telegram AI Trading Agent, AI Backtesting, AI Staking 3000, Pentarchy, Trading API, and developer tools for building AI-driven trading


GT Protocol A.I CyberSecurity Scoring

GT Protocol
Company Information
Website:https://gt-protocol.io/
Employees number:31
Number of followers:0
NAICS:52
Industry Type:Financial Services
Homepage:gt-protocol.io
GT Protocol Risk Score (AI oriented)
Between 800 and 849
logo
GT ProtocolFinancial Services
Updated:
06/07/2026
810/1000
Good
A
AaaAaABaaBaBCaaCaC
Powered by our proprietary A.I cyber incident model
Insurance prefers TPRM score to calculate premium
GT Protocol Global Score (TPRM)
xxxx
logo
GT ProtocolFinancial Services
•••
Score locked
Instant access to detailed risk factors
Vulnerabilities
Benchmark vs. industry & size peers
Findings

GT Protocol
GT ProtocolGood
Current Score
810A (GOOD)
01000
1 incidents
-3 avg impact
Incident timeline with MITRE ATT&CK tactics, techniques, and mitigations.
JULY 2026
813Before Incident
Vulnerability
06 Jul 2026GT Protocol
fast-mcp-telegram and Telegram: Critical fast-mcp-telegram Vulnerability Lets Attackers Access Telegram Session Without Token

Critical Path-Traversal Flaw in fast-mcp-telegram Exposes Telegram Accounts to Unauthorized Access

810After Incident
CRITICAL-3
TELGTP1783340994
Critical Path-Traversal Flaw in fast-mcp-telegram Exposes Telegram Accounts to Unauthorized Access A severe vulnerability (CVE-2026-52830, GHSA-rxw2-pc8j-vxwm) in fast-mcp-telegram a Telegram MCP server bridging accounts to AI assistants and HTTP clients allows attackers to bypass authentication and gain full access to a Telegram session by exploiting a path-traversal flaw in session file resolution. ### Vulnerability Details The flaw affects versions ≤ 0.19.0 of fast-mcp-telegram, where bearer tokens are improperly validated. Instead of treating tokens as opaque identifiers, the server constructs session file paths by directly appending the token to a directory (e.g., `session_dir/{token}.session`). While the code blocks reserved names like telegram, it fails to sanitize path separators (`/`, `\`, `..`), enabling attackers to craft malicious tokens (e.g., `../fast-mcp-telegram/telegram`) that resolve to the default `telegram.session` file. This bypasses the intended high-entropy token requirement, granting unauthorized access to the default Telegram account including message read/write capabilities, MTProto API calls, and exposed tools without requiring a valid token. ### Impact & Exploitation - Authentication Bypass: Attackers can impersonate the default Telegram account by submitting a traversal sequence in the `Authorization: Bearer` header. - Privileged Access: Once authenticated, attackers gain full control over the account’s messages, API functions, and configured tools. - Downstream Risks: Middleware tool prefixing (e.g., account-specific restrictions) fails to mitigate the issue, as the flaw occurs during session selection, not tool enforcement. ### Remediation & Response The vulnerability was reported by David Carliez and patched in version 0.19.1, which enforces stricter token validation. Recommended actions include: - Immediate upgrades to the latest version. - Rotation of default/legacy session files to prevent lingering exposure. - Log audits for suspicious bearer tokens containing traversal sequences. The flaw underscores the risks of improper path handling in authentication systems, where filesystem-dependent logic can undermine security boundaries.
INCIDENT DETAILS -
TYPE
Authentication Bypass
IMPACT
Data Compromised: Telegram session data (messages, MTProto API calls, exposed tools)Systems Affected: fast-mcp-telegram (versions ≤ 0.19.0)Operational Impact: Unauthorized access to Telegram accounts, impersonation of default account
DATA BREACH
Type Of Data Compromised: Telegram session data (messages, API calls, tools)Sensitivity Of Data: High (account access, message read/write capabilities)File Types Exposed: .session files
JUNE 2026
813Before Incident
MAY 2026
813Before Incident
APRIL 2026
813Before Incident
MARCH 2026
813Before Incident
FEBRUARY 2026
813Before Incident
JANUARY 2026
813Before Incident
DECEMBER 2025
813Before Incident
NOVEMBER 2025
813Before Incident
OCTOBER 2025
813Before Incident
SEPTEMBER 2025
813Before Incident
AUGUST 2025
813Before Incident

Frequently Asked Questions

?
What is the current A.I Rankiteo Cyber Score for GT Protocol ?
?
What was GT Protocol's A.I Rankiteo Cyber Score in June 2026 ?
?
What was GT Protocol's A.I Rankiteo Cyber Score in May 2026 ?
?
What was GT Protocol's A.I Rankiteo Cyber Score in April 2026 ?
?
What was GT Protocol's A.I Rankiteo Cyber Score in March 2026 ?
?
What was GT Protocol's A.I Rankiteo Cyber Score in February 2026 ?
?
What was GT Protocol's A.I Rankiteo Cyber Score in January 2026 ?
?
What was GT Protocol's A.I Rankiteo Cyber Score in December 2025 ?
?
What was GT Protocol's A.I Rankiteo Cyber Score in November 2025 ?
?
What was GT Protocol's A.I Rankiteo Cyber Score in October 2025 ?
?
What was GT Protocol's A.I Rankiteo Cyber Score in September 2025 ?
?
What was GT Protocol's A.I Rankiteo Cyber Score in August 2025 ?
?
What is the average per-incident point impact on GT Protocol's A.I Rankiteo Cyber Score over the past 12 months ?
?
Where can I access detailed records of all cyber incidents associated with GT Protocol ?
?
Where can I find a summary of the A.I Rankiteo Risk Scoring methodology ?
?
Where can I view GT Protocol's profile page on Rankiteo ?
?
How accurate is the A.I Rankiteo Risk Scoring methodology ?