Vulnerable server (0.19.0): reserved telegram -> 401 Vulnerable server (0.19.0): ./telegram header -> 200 Vulnerable server (0.19.0): ../fast-mcp-telegram/telegram header -> 200 Vulnerable server (0.19.0): invalid token -> 401 Vulnerable server (0.19.0): ./telegram URL -> 401 Fixed server (0.19.1): ./telegram header -> 401 Fixed server (0.19.1): ../fast-mcp-telegram/telegram header -> 401 Fixed server (0.19.1): ./telegram URL -> 401 --- Vulnerable ./telegram traversal response (first 20 lines) --- event: message data: {"jsonrpc":"2.0","id":1,"result":{"tools":[{"name":"search_messages_globally","title":"Search messages globally","description":"Search all Telegram chats at once (not scoped to one chat). Comma-separated query terms; optional filters by date, chat kind, and public username. Success: message list and metadata dict. Global search ignores include_total_count. Full documentation: https://github.com/leshchenko1979/fast-mcp-telegram/blob/main/docs/Tools-Reference.md","inputSchema":{"additionalProperties":false,"properties":{"query":{"description":"Search terms, comma-separated for multiple terms (OR-style global search). Required.","type":"string"},"limit":{"default":50,"description":"Maximum messages to return (recommended 50 or less).","type":"integer"},"min_date":{"default":null,"description":"Inclusive minimum date filter (ISO 8601 date or datetime). Omit for no lower bound.","type":"string"},"max_date":{"default":null,"description":"Inclusive maximum date filter (ISO 8601 date or datetime). Omit for no upper bound.","type":"string"},"chat_type":{"default":null,"description":"Comma-separated chat kinds: private, bot, group, channel. Case-insensitive; extra spaces allowed.","type":"string"},"public":{"default":null,"description":"If true, prefer chats with a public username; if false, without. Does not apply to private DMs. 
Omit to skip this filter.","type":"boolean"},"auto_expand_batches":{"default":2,"description":"Extra search batches to run when filters narrow results. Higher values may return more matches at the cost of latency.","type":"integer"},"include_total_count":{"default":false,"description":"If true, response may include total_count where supported (per-chat search; ignored for global search).","type":"boolean"}},"required":["query"],"type":"object"},"outputSchema":{"additionalProperties":true,"type":"object"},"annotations":{"title":"Search messages globally","readOnlyHint":true,"idempotentHint":true,"openWorldHint":true},"_meta":{"fastmcp":{"tags":[]}}},{"name":"get_messages","title":"Get messages in chat","description":"Read or search messages in one chat: browse latest, search text, fetch by ids, or load replies to a message (comments, forum topics, threads). Do not combine message_ids with query or reply_to_id. Success: messages, has_more, optional total_count and discussion fields. Full documentation: https://github.com/leshchenko1979/fast-mcp-telegram/blob/main/docs/Tools-Reference.md","inputSchema":{"additionalProperties":false,"properties":{"chat_id":{"description":"Target chat: numeric id (e.g. -100…), username without @, or 'me' for Saved Messages.","type":"string"},"query":{"default":null,"description":"Search within this chat only; comma-separated terms. Omit to browse latest or use message_ids / reply_to_id modes.","type":"string"},"message_ids":{"default":null,"description":"Exact message ids to fetch. Mutually exclusive with query and reply_to_id.","items":{"type":"integer"},"type":"array"},"reply_to_id":{"default":null,"description":"Anchor message id: channel post id, forum topic_id from get_chat_info, or a message id for direct replies. Use with thread_scope.","type":"integer"},"thread_scope":{"default":"auto","description":"Only with reply_to_id. auto: full forum topic (topic_id) or channel comment thread via getReplies; else direct replies. 
full: nested branch under a message id (forum in-topic uses search window, not whole topic); supergroup threads use search top_msg_id. direct: immediate replies only.","enum":["auto","full","direct"],"type":"string"},"limit":{"default":50,"description":"Maximum messages to return (recommended 50 or less).","type":"integer"},"min_date":{"default":null,"description":"Inclusive minimum date filter (ISO 8601 date or datetime). Omit for no lower bound.","type":"string"},"max_date":{"default":null,"description":"Inclusive maximum date filter (ISO 8601 date or datetime). Omit for no upper bound.","type":"string"},"auto_expand_batches":{"default":2,"description":"Extra search batches to run when filters narrow results. Higher values may return more matches at the cost of latency.","type":"integer"},"include_total_count":{"default":false,"description":"If true, response may include total_count where supported (per-chat search; ignored for global search).","type":"boolean"}},"required":["chat_id"],"type":"object"},"outputSchema":{"additionalProperties":true,"type":"object"},"annotations":{"title":"Get messages in chat","readOnlyHint":true,"idempotentHint":true,"openWorldHint":true},"_meta":{"fastmcp":{"tags":[]}}},{"name":"send_message","title":"Send message","description":"Send text and optional attachments to a chat. Success: send result dict. Full documentation: https://github.com/leshchenko1979/fast-mcp-telegram/blob/main/docs/Tools-Reference.md","inputSchema":{"additionalProperties":false,"properties":{"chat_id":{"description":"Target chat: numeric id (e.g. -100…), username without @, or 'me' for Saved Messages.","type":"string"},"message":{"description":"Message text. When sending files, used as caption.","type":"string"},"reply_to_id":{"default":null,"description":"Telegram message id to reply to. For forums, topic root id; for channel posts, post id (may create a comment). 
Omit for a new top-level message.","type":"integer"},"parse_mode":{"default":"auto","description":"'markdown', 'html', or 'auto' (detect from content). Default is 'auto'.","enum":["markdown","html","auto"],"type":"string"},"files":{"default":null,"description":"List of attachment URLs or local paths (one or more strings). Local paths work in stdio mode only.","items":{"type":"string"},"type":"array"}},"required":["chat_id","message"],"type":"object"},"outputSchema":{"additionalProperties":true,"type":"object"},"annotations":{"title":"Send message","destructiveHint":true,"openWorldHint":true},"_meta":{"fastmcp":{"tags":[]}}},{"name":"edit_message","title":"Edit message","description":"Replace text of an existing message you can edit in this chat. Success: edit result dict. Full documentation: https://github.com/leshchenko1979/fast-mcp-telegram/blob/main/docs/Tools-Reference.md","inputSchema":{"additionalProperties":false,"properties":{"chat_id":{"description":"Target chat: numeric id (e.g. -100…), username without @, or 'me' for Saved Messages.","type":"string"},"message_id":{"description":"Message id in this chat to edit (from get_messages or Telegram).","type":"integer"},"message":{"description":"Message text. When sending files, used as caption.","type":"string"},"parse_mode":{"default":"auto","description":"'markdown', 'html', or 'auto' (detect from content). Default is 'auto'.","enum":["markdown","html","auto"],"type":"string"}},"required":["chat_id","message_id","message"],"type":"object"},"outputSchema":{"additionalProperties":true,"type":"object"},"annotations":{"title":"Edit message","destructiveHint":true,"idempotentHint":true,"openWorldHint":true},"_meta":{"fastmcp":{"tags":[]}}},{"name":"find_chats","title":"Find chats","description":"Find users/groups/channels by name, username, or phone. 
Global search (query required) searches all Telegram; with min_date, max_date, or filter, search uses dialog list or a named filter; include_peers filters use last-activity from GetPeerDialogs; flag-based filters use dialog list dates. Success: dict with key chats (list of chat objects). Full documentation: https://github.com/leshchenko1979/fast-mcp-telegram/blob/main/docs/Tools-Reference.md","inputSchema":{"additionalProperties":false,"properties":{"query":{"default":null,"description":"Name, username (no @), phone (+country…), or comma-separated multi-queries. Required for global search unless you use min_date/max_date or folder alone.","type":"string"},"limit":{"default":20,"description":"Maximum chats to return (recommended 50 or less).","type":"integer"},"chat_type":{"default":null,"description":"Comma-separated chat kinds: private, bot, group, channel. Case-insensitive; extra spaces allowed.","type":"string"},"public":{"default":null,"description":"If true, prefer chats with a public username; if false, without. Does not apply to private DMs. Omit to skip this filter.","type":"boolean"},"min_date":{"default":null,"description":"Inclusive minimum date filter (ISO 8601 date or datetime). Omit for no lower bound.","type":"string"},"max_date":{"default":null,"description":"Inclusive maximum date filter (ISO 8601 date or datetime). Omit for no upper bound.","type":"string"},"folder":{"default":null,"description":"Telegram folder name (case-insensitive exact match after normalization). In Telegram's UI these are called folders; internally they are \"dialog filters\" — saved filter presets that group chats by custom criteria (pinned, unread, business, etc.). 
See Filters-vs-Folders.md for the technical distinction.","type":"string"}},"type":"object"},"outputSchema":{"additionalProperties":true,"type":"object"},"annotations":{"title":"Find chats","readOnlyHint":true,"idempotentHint":true,"openWorldHint":true},"_meta":{"fastmcp":{"tags":[]}}},{"name":"get_chat_info","title":"Get chat info","description":"Load profile and metadata for one user, bot, group, or channel. Success: info dict; forum chats may include topics up to topics_limit. Full documentation: https://github.com/leshchenko1979/fast-mcp-telegram/blob/main/docs/Tools-Reference.md","inputSchema":{"additionalProperties":false,"properties":{"chat_id":{"description":"Target chat: numeric id (e.g. -100…), username without @, or 'me' for Saved Messages.","type":"string"},"topics_limit":{"default":20,"description":"Max forum topics to list when the chat is a forum.","type":"integer"}},"required":["chat_id"],"type":"object"},"outputSchema":{"additionalProperties":true,"type":"object"},"annotations":{"title":"Get chat info","readOnlyHint":true,"idempotentHint":true,"openWorldHint":true},"_meta":{"fastmcp":{"tags":[]}}},{"name":"send_message_to_phone","title":"Send message to phone","description":"Send to a phone number: may create a temporary contact, then send text or files. Success: send result plus contact_was_new / contact_removed when applicable. Full documentation: https://github.com/leshchenko1979/fast-mcp-telegram/blob/main/docs/Tools-Reference.md","inputSchema":{"additionalProperties":false,"properties":{"phone_number":{"description":"E.164 phone number with country code, e.g. +1234567890 (must be on Telegram).","type":"string"},"message":{"description":"Message text. 
When sending files, used as caption.","type":"string"},"first_name":{"default":"Contact","description":"First name when creating a temporary contact.","type":"string"},"last_name":{"default":"Name","description":"Last name when creating a temporary contact.","type":"string"},"remove_if_new":{"default":false,"description":"If true, delete the contact after send when it was created only for this send.","type":"boolean"},"reply_to_msg_id":{"default":null,"description":"Reply to this message id in the target chat after resolve.","type":"integer"},"parse_mode":{"default":"auto","description":"'markdown', 'html', or 'auto' (detect from content). Default is 'auto'.","enum":["markdown","html","auto"],"type":"string"},"files":{"default":null,"description":"List of attachment URLs or local paths (one or more strings). Local paths work in stdio mode only.","items":{"type":"string"},"type":"array"}},"required":["phone_number","message"],"type":"object"},"outputSchema":{"additionalProperties":true,"type":"object"},"annotations":{"title":"Send message to phone","destructiveHint":true,"openWorldHint":true},"_meta":{"fastmcp":{"tags":[]}}},{"name":"invoke_mtproto","title":"Invoke MTProto","description":"Low-level Telegram API (MTProto) invoke for methods not wrapped by other tools. Dangerous methods require allow_dangerous=true. Success: API result dict or normalized error. Full documentation: https://github.com/leshchenko1979/fast-mcp-telegram/blob/main/docs/Tools-Reference.md","inputSchema":{"additionalProperties":false,"properties":{"method_full_name":{"description":"Telegram API method, e.g. \"messages.GetHistory\" or \"users.GetFullUser\" (normalization applied).","type":"string"},"params_json":{"description":"JSON object string of TL parameters as in Telegram API docs; nested TL uses \"_\": \"typeName\" discriminator.","type":"string"},"allow_dangerous":{"default":false,"description":"If false, destructive methods (e.g. deletes) are blocked. 
Set true only when intended.","type":"boolean"},"resolve":{"default":true,"description":"If true, resolve string/int peer-like fields to TL Input* entities before invoke.","type":"boolean"}},"required":["method_full_name","params_json"],"type":"object"},"outputSchema":{"additionalProperties":true,"type":"object"},"annotations":{"title":"Invoke MTProto","destructiveHint":true,"openWorldHint":true},"_meta":{"fastmcp":{"tags":[]}}}]}} The ./telegram variant reproduces on 0.19.0 and is blocked by 0.19.1; it is not a genuine bypass of the fix.