Unrated severityCISA KEVNVD Advisory· Published Jul 2, 2024· Updated Oct 21, 2025
CVE-2024-39891
CVE-2024-39891
Description
In the Twilio Authy API, accessed by Authy Android before 25.1.0 and Authy iOS before 26.1.0, an unauthenticated endpoint provided access to certain phone-number data, as exploited in the wild in June 2024. Specifically, the endpoint accepted a stream of requests containing phone numbers, and responded with information about whether each phone number was registered with Authy. (Authy accounts were not compromised, however.)
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2- Twilio/Authydescription
- Range: <25.1.0
Patches
Vulnerability mechanics
References
4News mentions
0No linked articles in our index yet.