GT Protocol A.I CyberSecurity Scoring
GT Protocol
Company Information
Website:https://gt-protocol.io/
Employees number:31
Number of followers:0
NAICS:52
Industry Type:Financial Services
Homepage:gt-protocol.io
GT Protocol Risk Score (AI oriented)
Between 800 and 849
GT ProtocolFinancial Services
Updated:
06/07/2026
06/07/2026
810/1000
Good
A
GT Protocol Global Score (TPRM)
xxxx
GT ProtocolFinancial Services
Score locked

GT ProtocolGood
Current Score
810A (GOOD)
01000
1 incidents
-3 avg impact
Incident timeline with MITRE ATT&CK tactics, techniques, and mitigations.
JULY 2026
813
Vulnerability
06 Jul 2026 • GT Protocol
fast-mcp-telegram and Telegram: Critical fast-mcp-telegram Vulnerability Lets Attackers Access Telegram Session Without Token
Critical Path-Traversal Flaw in fast-mcp-telegram Exposes Telegram Accounts to Unauthorized Access
810
CRITICAL-3
TELGTP1783340994
Critical Path-Traversal Flaw in fast-mcp-telegram Exposes Telegram Accounts to Unauthorized Access
A severe vulnerability (CVE-2026-52830, GHSA-rxw2-pc8j-vxwm) in fast-mcp-telegram a Telegram MCP server bridging accounts to AI assistants and HTTP clients allows attackers to bypass authentication and gain full access to a Telegram session by exploiting a path-traversal flaw in session file resolution.
### Vulnerability Details
The flaw affects versions ≤ 0.19.0 of fast-mcp-telegram, where bearer tokens are improperly validated. Instead of treating tokens as opaque identifiers, the server constructs session file paths by directly appending the token to a directory (e.g., `session_dir/{token}.session`). While the code blocks reserved names like telegram, it fails to sanitize path separators (`/`, `\`, `..`), enabling attackers to craft malicious tokens (e.g., `../fast-mcp-telegram/telegram`) that resolve to the default `telegram.session` file.
This bypasses the intended high-entropy token requirement, granting unauthorized access to the default Telegram account including message read/write capabilities, MTProto API calls, and exposed tools without requiring a valid token.
### Impact & Exploitation
- Authentication Bypass: Attackers can impersonate the default Telegram account by submitting a traversal sequence in the `Authorization: Bearer` header.
- Privileged Access: Once authenticated, attackers gain full control over the account’s messages, API functions, and configured tools.
- Downstream Risks: Middleware tool prefixing (e.g., account-specific restrictions) fails to mitigate the issue, as the flaw occurs during session selection, not tool enforcement.
### Remediation & Response
The vulnerability was reported by David Carliez and patched in version 0.19.1, which enforces stricter token validation. Recommended actions include:
- Immediate upgrades to the latest version.
- Rotation of default/legacy session files to prevent lingering exposure.
- Log audits for suspicious bearer tokens containing traversal sequences.
The flaw underscores the risks of improper path handling in authentication systems, where filesystem-dependent logic can undermine security boundaries.
INCIDENT DETAILS -
TYPE
IMPACT
DATA BREACH
REFERENCES
JUNE 2026
813
MAY 2026
813
APRIL 2026
813
MARCH 2026
813
FEBRUARY 2026
813
JANUARY 2026
813
DECEMBER 2025
813
NOVEMBER 2025
813
OCTOBER 2025
813
SEPTEMBER 2025
813
AUGUST 2025
813
Frequently Asked Questions
?
What is the current A.I Rankiteo Cyber Score for GT Protocol ??
What was GT Protocol's A.I Rankiteo Cyber Score in June 2026 ??
What was GT Protocol's A.I Rankiteo Cyber Score in May 2026 ??
What was GT Protocol's A.I Rankiteo Cyber Score in April 2026 ??
What was GT Protocol's A.I Rankiteo Cyber Score in March 2026 ??
What was GT Protocol's A.I Rankiteo Cyber Score in February 2026 ??
What was GT Protocol's A.I Rankiteo Cyber Score in January 2026 ??
What was GT Protocol's A.I Rankiteo Cyber Score in December 2025 ??
What was GT Protocol's A.I Rankiteo Cyber Score in November 2025 ??
What was GT Protocol's A.I Rankiteo Cyber Score in October 2025 ??
What was GT Protocol's A.I Rankiteo Cyber Score in September 2025 ??
What was GT Protocol's A.I Rankiteo Cyber Score in August 2025 ??
What is the average per-incident point impact on GT Protocol's A.I Rankiteo Cyber Score over the past 12 months ??
Where can I access detailed records of all cyber incidents associated with GT Protocol ??
Where can I find a summary of the A.I Rankiteo Risk Scoring methodology ??
Where can I view GT Protocol's profile page on Rankiteo ??
How accurate is the A.I Rankiteo Risk Scoring methodology ?