theinfosecnews

CVE-2024-39891

CISA KEV

Published July 23, 2024 · Updated April 3, 2026

high
Official Description

Twilio Authy contains an information disclosure vulnerability in its API that allows an unauthenticated endpoint to accept a request containing a phone number and respond with information about whether the phone number was registered with Authy.

Affected Products

| Vendor | Product |
|--------|---------|
| Twilio | Authy   |

Patch Status

Patch by 2024-08-13

Recommended Actions

  1. Check if your systems use any of the affected products listed above.
  2. Apply vendor patches immediately if available.
  3. This vulnerability is in CISA's Known Exploited Vulnerabilities catalog — prioritize remediation.
  4. Monitor vendor advisories for updates and additional mitigations.
  5. Review logs for indicators of compromise related to CVE-2024-39891.