Twilio Authy contains an information disclosure vulnerability in its API that allows an unauthenticated endpoint to accept a request containing a phone number and respond with information about whether the phone number was registered with Authy.
Remediation
Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
Exploit info
No exploit-tagged NVD references in our cache; see the CISA KEV link below.
TopVuln sends digest emails with high-risk CVE picks across multiple authoritative sources—curated with EPSS and AI. Choose daily per-stream emails and optional weekly or monthly roundups.