CVE-2026-32941 Sliver Vulnerable to Authenticated OOM via Memory Exhaustion in mTLS/WireGuard Transports
Sliver is a command and control framework that uses a custom WireGuard netstack. Versions 1.7.3 and below contain a remote out-of-memory (OOM) vulnerability in the Sliver C2 server's mTLS and WireGuard C2 transport layer. The socketReadEnvelope and socketWGReadEnvelope functions trust an...
GHSA-HX52-CV84-JR5V Sliver is Vulnerable to Authenticated Nil-Pointer Dereference through its Handlers
Executive Summary: A vulnerability exists in the Sliver C2 server's Protobuf unmarshalling logic due to a systemic lack of nil-pointer validation. By extracting valid implant credentials and omitting nested fields in a signed message, an authenticated actor can trigger an unhandled runtime panic...
GO-2026-4445 Sliver Vulnerable to Website Path Traversal / Arbitrary File Read (Authenticated) in github.com/bishopfox/sliver
Sliver Vulnerable to Website Path Traversal / Arbitrary File Read (Authenticated) in github.com/bishopfox/sliver...
EUVD-2026-0822
Sliver Vulnerable to Pre-Auth Memory Exhaustion via NoEncoder Bypass...
Sliver Vulnerable to Pre-Auth Memory Exhaustion via NoEncoder Bypass
Summary: A specially crafted nonce routes unauthenticated requests through the NoEncoder path, where startSessionHandler reads the entire request body without limits, allowing attacker-driven memory exhaustion and process crash. Details: server/encoders/encoders.go: EncoderFromNonce returns...