Go modules package
github.com/bishopfox/sliver
pkg:golang/github.com/bishopfox/sliver
Vulnerabilities (9)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2026-34227 | High | 8.8 | | < 1.7.4 | 1.7.4 | Mar 31, 2026 | Sliver is a command and control framework that uses a custom Wireguard netstack. Prior to version 1.7.4, a single click on a malicious link gives an unauthenticated attacker immediate, silent control over every active C2 session or beacon, capable of exfiltrating all collected ta |
| CVE-2026-32941 | Medium | 6.5 | | <= 1.7.3 | — | Mar 20, 2026 | Sliver is a command and control framework that uses a custom Wireguard netstack. Versions 1.7.3 and below contain a Remote OOM (Out-of-Memory) vulnerability in the Sliver C2 server's mTLS and WireGuard C2 transport layer. The socketReadEnvelope and socketWGReadEnvelope functions |
| CVE-2026-29781 | Medium | 6.5 | | <= 1.7.3 | — | Mar 7, 2026 | Sliver is a command and control framework that uses a custom Wireguard netstack. In versions 1.7.3 and prior, a vulnerability exists in the Sliver C2 server's Protobuf unmarshalling logic due to a systemic lack of nil-pointer validation. By extracting valid implant credentia |
| CVE-2026-25791 | — | — | | < 1.6.12 | 1.6.12 | Feb 9, 2026 | Sliver is a command and control framework that uses a custom Wireguard netstack. Prior to 1.7.0, the DNS C2 listener accepts unauthenticated TOTP bootstrap messages and allocates server-side DNS sessions without validating OTP values, even when EnforceOTP is enabled. Because sess |
| CVE-2026-25760 | — | — | | < 1.6.11 | 1.6.11 | Feb 6, 2026 | Sliver is a command and control framework that uses a custom Wireguard netstack. Prior to 1.6.11, a path traversal in the website content subsystem lets an authenticated operator read arbitrary files on the Sliver server host. This is an authenticated path traversal / arbitrary f |
| CVE-2025-27093 | Medium | 6.3 | | < 1.5.44 | 1.5.44 | Oct 28, 2025 | Sliver is a command and control framework that uses a custom Wireguard netstack. In versions 1.5.43 and earlier, and in development version 1.6.0-dev, the netstack does not limit traffic between Wireguard clients. This allows clients to communicate with each other unrestrictedly, |
| CVE-2025-27090 | — | — | | >= 1.5.26, < 1.5.43 | 1.5.43 | Feb 19, 2025 | Sliver is an open source cross-platform adversary emulation/red team framework; it can be used by organizations of all sizes to perform security testing. The reverse port forwarding in the Sliver teamserver allows the implant to open a reverse tunnel on the Sliver teamserver without |
| CVE-2024-41111 | High | 7.2 | | >= 1.5.40, < 1.6.0 | 1.6.0 | Jul 18, 2024 | Sliver is an open source cross-platform adversary emulation/red team framework; it can be used by organizations of all sizes to perform security testing. Sliver version 1.6.0 (prerelease) is vulnerable to RCE on the teamserver by a low-privileged "operator" user. The RCE is as th |
| CVE-2023-34758 | — | — | | >= 1.5.0, < 1.5.40 | 1.5.40 | Aug 28, 2023 | Sliver from v1.5.x to v1.5.39 has an improper cryptographic implementation, which allows attackers to execute a man-in-the-middle attack via intercepted and crafted responses. |