Lucene search

4 matches found

Cvelist
added 2026/03/27 2:13 p.m., 23 views

CVE-2026-4984 Botpress - Credential Disclosure via Twilio Webhook Handler

The Twilio integration webhook handler accepts any POST request without validating Twilio's 'X-Twilio-Signature'. When processing media messages, it fetches user-controlled URLs ('MediaUrlN' parameters) using HTTP requests that include the integration's Twilio credentials in the 'Authorization'...

CVSS 8.2, EPSS 0.00008
Exploits 0, References 1
CVE
added 2026/03/27 2:13 p.m., 7 views

CVE-2026-4984

CVE-2026-4984 affects Botpress’s Twilio integration webhook handler. The vulnerability arises because the webhook accepts POST requests without validating Twilio’s X-Twilio-Signature, and when processing media messages it fetches user-controlled URLs (MediaUrlN) via HTTP requests that include the...

CVSS 8.2, AI score 5.9, EPSS 0.00008
Exploits 0, References 1
Tenable Nessus
added 2025/07/31 12:0 a.m., 1 view

BentoML Detected

This is an informational plugin to inform the user that the scanner has detected a publicly accessible BentoML instance on the target application. BentoML is an open-source inference platform. This detection is included in the AI and LLM category. No source data...

AI score 7.2
Exploits 0, References 2
Tenable Nessus
added 2025/06/04 12:0 a.m., 2 views

Botpress Chatbot Detected

This is an informational plugin to inform the user that the scanner has detected a publicly accessible Botpress chatbot on the target application. Botpress is an open-source visual framework to build & deploy GPT/LLM Agents. This detection is included in the AI and LLM category. No source data...

AI score 7.2
Exploits 0, References 2