CVE advisory | Known Exploit
CVE-2024-39891
Authy API Information Disclosure Vulnerability
Halo Surface Signal: 5 out of 5 — more likely to be public-facing.
An unauthenticated endpoint in the Twilio Authy API allowed attackers to determine if phone numbers were registered with Authy, potentially enabling targeted attacks like phishing or SIM swapping. This vulnerability was exploited in the wild. Affected systems include Authy Android and iOS applications. The business ris