How do I know if I'm affected by this vulnerability?

Check your installed version of `telnyx` using `pip show telnyx | grep Version`. Also, inspect your pip cache for versions 4.87.1 or 4.87.2 using `pip cache list telnyx`. If you installed between the specified timeframe without pinning a version, you are likely affected.

Why were there two malicious versions (4.87.1 and 4.87.2)?

Version 4.87.1 contained a typo that prevented the malware from executing. The attacker uploaded version 4.87.2 sixteen minutes later to correct the typo and enable the full attack chain.

What secrets should I rotate after this incident?

Rotate all potentially exposed secrets, including SSH keys, AWS/GCP/Azure credentials, Kubernetes tokens, Docker configs, .env files, database credentials, and crypto wallets. Treat any accessible secrets as compromised.

How can I prevent this from happening again?

Pin your dependencies to specific versions in your `requirements.txt` file. Regularly review and update your dependencies to ensure you're using the latest secure versions. Consider using a dependency vulnerability scanning tool.

NEXTGUARD

Back to blog

CVSS 9.5GHSA-955r-262c-33jc

Critical: Malicious Code in Telnyx Python Package Steals Credentials

Urgent: Malicious versions 4.87.1 and 4.87.2 of the Telnyx Python package contain credential-stealing malware. Patch immediately to prevent SSH key, cloud, and database compromise. See details and fix commands.

Published on April 6, 2026

A critical vulnerability has been identified in the Telnyx Python package. Malicious versions 4.87.1 and 4.87.2, published on March 27, 2026, contain credential-stealing malware. A patch is available; immediate action is required to mitigate the risk of data compromise.

This vulnerability has a CVSS score of 9.5, indicating a critical level of severity due to the potential for widespread exploitation and significant impact.

What is Telnyx?

Telnyx is a Python library that provides access to Telnyx's communication APIs, enabling developers to integrate voice, SMS, and other communication features into their applications. It simplifies interactions with Telnyx's services, allowing for streamlined development of communication-centric software. This vulnerability affects specific versions of the library and highlights the importance of version pinning and dependency management. search all telnyx CVEs

Telnyx Python Package Compromise

CVSS9.5

Affected versionsUsers who installed or upgraded the `telnyx` Python package between 03:51 UTC and 10:13 UTC on March 27, 2026, are potentially affected. This includes those who installed without pinning a version or had a transitive dependency that pulled in the compromised versions.

Critical: Remote code execution and credential theft.

An attacker compromised PyPI credentials and uploaded malicious versions 4.87.1 and 4.87.2 of the `telnyx` Python package directly to PyPI, bypassing the legitimate GitHub release pipeline. These versions contain credential-stealing malware that executes upon import.

How to fix GHSA-955r-262c-33jc in Telnyx

Patch immediately

1.Uninstall the compromised version of the Telnyx package.
2.Rotate all potentially exposed secrets.
3.Pin the Telnyx package to a safe version.

Uninstall Telnyx

pip uninstall telnyx

Verify with:

verify

pip show telnyx | grep Version

Workaround: There is no workaround other than uninstalling the compromised version and patching.

NextGuard automatically flags CVE-GHSA-955r-262c-33jc if `telnyx` appears in any of your monitored projects — no manual lookup required.

Stay ahead of Python vulnerabilities

Proactively identify and address vulnerabilities in your Python dependencies. Regularly scanning your projects can help prevent exploitation and data breaches. monitor your python dependencies

Compare your dependencies

Frequently asked questions

The compromise of the Telnyx Python package highlights the importance of secure dependency management and proactive vulnerability scanning. Take immediate action to patch your systems and rotate any potentially compromised secrets. see all python vulnerabilities