{
  "claim_outcome": "partial",
  "claim_block_reason": "blocking_mitigation",
  "repro_result": "confirmed",
  "validated_surface": "api_remote",
  "evidence_scope": "production_path",
  "claimed_impact_class": "authz_bypass",
  "observed_impact_class": "authz_bypass",
  "exploitability_confidence": "high",
  "attacker_controlled_input": "HTTP Authorization header whose Bearer token is the path-traversal alias ./telegram",
  "trigger_path": "POST /v1/mcp -> SessionFileTokenVerifier.verify_token() -> session_dir / './telegram.session' -> resolves to telegram.session",
  "end_to_end_target_reached": true,
  "sanitizer_used": false,
  "crash_observed": false,
  "read_write_primitive_observed": false,
  "exploit_chain_demonstrated": false,
  "blocking_mitigation": "fixed in fast-mcp-telegram 0.19.1 by a strict bearer-token regex (^[A-Za-z0-9_-]{43}$) and a resolved-path containment check in session_file_path(); the ./telegram alias is rejected before any filesystem access. The variant is an alternate trigger on the vulnerable version, not a bypass of the fix.",
  "inferred": false
}
