CVE-2026-4984
CVE-2026-4984 affects Botpress’s Twilio integration webhook handler. The vulnerability arises because the webhook accepts POST requests without validating Twilio’s X-Twilio-Signature, and when processing media messages it fetches user-controlled URLs (MediaUrlN) via HTTP requests that include the...