What happened to the Telnyx Python package?

Versions 4.87.1 and 4.87.2 of the `telnyx` Python package were compromised with credential-stealing malware. A threat actor gained access to PyPI credentials and injected malicious code into these releases, bypassing the legitimate release pipeline. The malicious code was designed to harvest sensitive information from infected systems.

How do I know if I'm affected by the Telnyx malware?

You are likely affected if you installed or upgraded the `telnyx` package between 03:51 UTC and 10:13 UTC on March 27, 2026. Check your installed version using `pip show telnyx | grep Version` and examine your pip cache for versions 4.87.1 or 4.87.2. If you find these versions, you should assume your system is compromised.

What steps should I take to remediate the Telnyx vulnerability?

First, uninstall the compromised `telnyx` versions using `pip uninstall telnyx`. Then, rotate all potentially exposed secrets, including SSH keys, cloud credentials, database passwords, and API keys. Check for persistence mechanisms on your systems and pin your `telnyx` dependency to version 4.87.0 to prevent future infections.

Who is TeamPCP and what is their connection to the Telnyx attack?

The attack on the Telnyx package is attributed to TeamPCP with high confidence. This attribution is based on several factors, including the use of an identical RSA-4096 public key as the LiteLLM compromise, the `tpcp.tar.gz` archive naming convention, the same AES-256-CBC + RSA OAEP encryption scheme, and similar credential harvesting targets and techniques.

Telnyx versions contain credential harvesting malware (CVE-2026)

Multiple vulnerabilities have been discovered in the `telnyx` Python package, where versions 4.87.1 and 4.87.2 were compromised with credential-stealing malware. Users who installed or upgraded `telnyx` between March 27, 2026, 03:51 UTC and 10:13 UTC are at high risk. An upgrade to the latest version is recommended, but thorough remediation steps are crucial.

These vulnerabilities allow for arbitrary code execution and sensitive data exfiltration.

What is Telnyx?

Telnyx is a component for python. It is used for [fill in details]. The recent compromise of the Telnyx package on PyPI highlights the risks associated with supply chain vulnerabilities. To learn more, you can search all telnyx CVEs. Telnyx is a popular Python library, and its compromise could have far-reaching consequences for applications that depend on it. It's crucial to stay informed about vulnerabilities and take proactive steps to mitigate risks.

MAL-2026-2254: Malicious code execution in Telnyx

CVSS0.0

Affected versionsUsers who installed version 4.87.2 of the `telnyx` package are affected.

No CVSS score provided.

No EPSS score provided.

The `telnyx` package version 4.87.2 was identified as malicious by the OpenSSF Package Analysis project. The package executes commands associated with malicious behavior, posing a significant security risk.

How to fix MAL-2026-2254 in Telnyx

Patch immediately

1.Upgrade to the latest version of the `telnyx` package.

Upgrade Telnyx

pip install --upgrade telnyx

Workaround: Avoid using version 4.87.2 of the `telnyx` package.

NextGuard automatically flags MAL-2026-2254 if Telnyx appears in any of your monitored projects — no manual lookup required.

PYSEC-2026-3: Credential harvesting malware in Telnyx

CVSS0.0

Affected versionsUsers who installed versions 4.87.1 or 4.87.2 of `telnyx` are affected. Full compromise of exposed systems and credentials should be assumed.

No CVSS score provided.

No EPSS score provided.

Two `telnyx` versions were published containing credential harvesting malware after an API token exposure. The compromised versions execute code during import, downloading further stages from a remote host and exfiltrating sensitive credentials and files.

How to fix PYSEC-2026-3 in Telnyx

Patch immediately

1.Upgrade to the latest version of the `telnyx` package.
2.Revoke and rotate all potentially exposed credentials.
3.Isolate and analyze affected systems for malicious actions and modifications.

Upgrade Telnyx

pip install --upgrade telnyx

Workaround: Avoid using versions 4.87.1 and 4.87.2 of the `telnyx` package.

NextGuard automatically flags PYSEC-2026-3 if Telnyx appears in any of your monitored projects — no manual lookup required.

GHSA-955r-262c-33jc: Malicious code in Telnyx versions 4.87.1 and 4.87.2

CVSS9.5

Affected versionsYou are affected if you installed or upgraded the `telnyx` Python package between 03:51 UTC and 10:13 UTC on March 27, 2026, or if a dependency pulled in `telnyx` 4.87.1 or 4.87.2 as a transitive dependency.

Critical severity due to remote code execution.

No EPSS score provided.

A threat actor used compromised PyPI credentials to publish malicious versions of the `telnyx` package directly to PyPI. These versions contained credential-stealing malware that executes upon import of the `telnyx` module.

How to fix GHSA-955r-262c-33jc in Telnyx

Patch immediately

1.Check if you are affected by verifying the installed version and pip cache.
2.Remove compromised versions using `pip uninstall telnyx`.
3.Rotate all potentially exposed secrets, including SSH keys, cloud credentials, and database passwords.
4.Check for persistence mechanisms on Linux/macOS and Windows systems.
5.Pin to a safe version (4.87.0) using `pip install telnyx==4.87.0`.

Upgrade Telnyx

pip install --upgrade telnyx

Verify with:

verify

pip show telnyx | grep Version

Workaround: Pin your `telnyx` dependency to version 4.87.0 to avoid the compromised versions.

NextGuard automatically flags GHSA-955r-262c-33jc if Telnyx appears in any of your monitored projects — no manual lookup required.

Stay ahead of Python vulnerabilities

Proactively detect and remediate vulnerabilities in your Python dependencies. Use NextGuard to monitor your python dependencies and receive alerts on new threats.

Compare Plans

Frequently asked questions

The compromise of the `telnyx` package highlights the importance of supply chain security and proactive vulnerability management. Stay vigilant, regularly update your dependencies, and see all python vulnerabilities to mitigate potential risks. By taking these steps, you can protect your systems from similar attacks.