12 matches found
CVE-2026-34227
Sliver is a command and control framework that uses a custom Wireguard netstack. Prior to version 1.7.4, a single click on a malicious link gives an unauthenticated attacker immediate, silent control over every active C2 session or beacon, capable of exfiltrating all collected target data e.g. SS...
EUVD-2026-17490
Sliver is a command and control framework that uses a custom Wireguard netstack. Prior to version 1.7.4, a single click on a malicious link gives an unauthenticated attacker immediate, silent control over every active C2 session or beacon, capable of exfiltrating all collected target data e.g. SS...
PT-2026-29285
Sliver is a command and control framework that uses a custom Wireguard netstack. Prior to version 1.7.4, a single click on a malicious link gives an unauthenticated attacker immediate, silent control over every active C2 session or beacon, capable of exfiltrating all collected target data e.g. SS...
SUSE CVE-2026-29781
Sliver is a command and control framework that uses a custom Wireguard netstack. In versions from 1.7.3 and prior, a vulnerability exists in the Sliver C2 server's Protobuf unmarshalling logic due to a systemic lack of nil-pointer validation. By extracting valid implant credentials and omitting...
CVE-2026-25760
Sliver is a command and control framework that uses a custom Wireguard netstack. Prior to 1.6.11, a path traversal in the website content subsystem lets an authenticated operator read arbitrary files on the Sliver server host. This is an authenticated path traversal / arbitrary file read issue, a...
CVE-2026-25760 Website Path Traversal / Arbitrary File Read (Authenticated) in Sliver
Sliver is a command and control framework that uses a custom Wireguard netstack. Prior to 1.6.11, a path traversal in the website content subsystem lets an authenticated operator read arbitrary files on the Sliver server host. This is an authenticated path traversal / arbitrary file read issue, a...
Improper Access Control
github.com/bishopfox/sliver is vulnerable to Improper Access Control. The vulnerability is due to the custom WireGuard netstack not restricting traffic between connected clients, which allows an attacker with leaked or recovered keypairs to communicate with other implants, access exposed port...
SUSE CVE-2025-27093
Sliver is a command and control framework that uses a custom Wireguard netstack. In versions 1.5.43 and earlier, and in development version 1.6.0-dev, the netstack does not limit traffic between Wireguard clients. This allows clients to communicate with each other unrestrictedly, potentially...
CVE-2025-27093
Sliver is a command and control framework that uses a custom Wireguard netstack. In versions 1.5.43 and earlier, and in development version 1.6.0-dev, the netstack does not limit traffic between Wireguard clients. This allows clients to communicate with each other unrestrictedly, potentially...
CVE-2025-27093 Sliver does not restricted traffic between Wireguard clients.
Sliver is a command and control framework that uses a custom Wireguard netstack. In versions 1.5.43 and earlier, and in development version 1.6.0-dev, the netstack does not limit traffic between Wireguard clients. This allows clients to communicate with each other unrestrictedly, potentially...
GHSA-Q8J9-34QF-7VQ7 Silver has unrestricted traffic between Wireguard clients
Summary Sliver's custom Wireguard netstack doesn't limit traffic between Wireguard clients, this could lead to: 1. Leaked/recovered keypair from a beacon being used to attack operators. 2. Port forwardings usable from other implants. Details 1. Sliver treat operators' Wireguard config and...
PT-2025-44202
Name of the Vulnerable Software and Affected Versions Sliver versions 1.5.43 and earlier, and version 1.6.0-dev Description Sliver is a command and control framework that utilizes a custom Wireguard netstack. In versions 1.5.43 and earlier, and in development version 1.6.0-dev, the netstack does...