Report: Latest: CVE-2026-4984 - Botpress - Credential Disclosure via Twilio Webhook Handler

CVE ID: CVE-2026-4984
Published: March 27, 2026, 3:17 p.m.
Description: The Twilio integration webhook handler accepts any POST request without validating Twilio's 'X-Twilio-Signature'. When processing media messages, it fetches user-controlled URLs ('MediaUrlN' parameters) using HTTP requests that include the integration's Twilio credentials in the 'Authorization' header. An attacker can forge a webhook payload pointing to their own server and receive the victim's 'accountSID' and 'authToken' in plaintext (base64-encoded Basic Auth), leading to full compromise of the Twilio account.
Severity: 8.2 | HIGH

CVE Details

Severity: HIGH
Published: March 27, 2026