CVE-2026-32941

Sliver is a command and control framework that uses a custom Wireguard netstack. Versions 1.7.3 and below contain a Remote OOM Out-of-Memory vulnerability in the Sliver C2 server's mTLS and WireGuard C2 transport layer. The socketReadEnvelope and socketWGReadEnvelope functions trust an...

PT-2026-26148

Name of the Vulnerable Software and Affected Versions Sliver versions 1.7.3 and below Description Sliver is a command and control framework that utilizes a custom Wireguard network stack. Versions 1.7.3 and below contain a Remote Out-of-Memory OOM issue in the mTLS and WireGuard C2 transport laye...

CVE-2026-29781

Sliver is a command and control framework that uses a custom Wireguard netstack. In versions from 1.7.3 and prior, a vulnerability exists in the Sliver C2 server's Protobuf unmarshalling logic due to a systemic lack of nil-pointer validation. By extracting valid implant credentials and omitting...

Sliver is Vulnerable to Authenticated Nil-Pointer Dereference through its Handlers

Executive Summary A vulnerability exists in the Sliver C2 server's Protobuf unmarshalling logic due to a systemic lack of nil-pointer validation. By extracting valid implant credentials and omitting nested fields in a signed message, an authenticated actor can trigger an unhandled runtime panic...

PT-2026-23444

Name of the Vulnerable Software and Affected Versions Sliver versions prior to the fix Description Sliver, a C2 server, contains a systemic lack of nil-pointer validation in its Protobuf unmarshalling logic. This allows an authenticated actor, by omitting nested fields in a signed message, to...

Sliver has Potential Zip Bomb Denial of Service in GzipEncoder

Summary GzipEncoder does not limit output size when processing compressed data. This allows unauthenticated remote attackers to crash sliver server by sending a http request with highly compressed gzip data aka zip bomb. Details In util/encoders/gzip.go, Decode method decompresses given data by...

GHSA-2PHG-QGMM-R638 Sliver has Potential Zip Bomb Denial of Service in GzipEncoder

Summary GzipEncoder does not limit output size when processing compressed data. This allows unauthenticated remote attackers to crash sliver server by sending a http request with highly compressed gzip data aka zip bomb. Details In util/encoders/gzip.go, Decode method decompresses given data by...

Sliver Vulnerable to Website Path Traversal / Arbitrary File Read (Authenticated)

Summary A Path Traversal vulnerability in the website content subsystem lets an authenticated operator read arbitrary files on the Sliver server host. This is an authenticated Path Traversal / arbitrary file read issue, and it can expose credentials, configs, and keys. Affected Component - Websit...

GHSA-2286-HXV5-CMP2 Sliver Vulnerable to Website Path Traversal / Arbitrary File Read (Authenticated)

Summary A Path Traversal vulnerability in the website content subsystem lets an authenticated operator read arbitrary files on the Sliver server host. This is an authenticated Path Traversal / arbitrary file read issue, and it can expose credentials, configs, and keys. Affected Component - Websit...

Improper Restriction of Communication Channel to Intended Endpoints

Overview Affected versions of this package are vulnerable to Improper Restriction of Communication Channel to Intended Endpoints in the custom netstack implementation. An attacker can access internal services or execute unauthorized actions by recovering a Wireguard private key from a process dum...