HIGH
Tenable
CVE published 2026-03-27
CVE-2026-4984
CVE-2026-4984 is a webhook security flaw in a Twilio integration where POST requests are accepted without validating Twilio’s X-Twilio-Signature. When media messages are processed, the handler can fetch attacker-controlled MediaUrlN values and include the integration’s Twilio credentials in an Authorization header. In the scenario described in the supplied record, that can expose the accountSID and authTo [truncated]