VYPR

Sliver

by Bishopfox

CVEs (8)

  • CVE-2026-34227 · High · Mar 31, 2026
    risk 0.57 · cvss 8.8 · epss 0.00

    Sliver is a command and control framework that uses a custom Wireguard netstack. Prior to version 1.7.4, a single click on a malicious link gives an unauthenticated attacker immediate, silent control over every active C2 session or beacon, capable of exfiltrating all collected…

  • CVE-2026-32941 · Medium · Mar 20, 2026
    risk 0.42 · cvss 6.5 · epss 0.00

    Sliver is a command and control framework that uses a custom Wireguard netstack. Versions 1.7.3 and below contain a Remote OOM (Out-of-Memory) vulnerability in the Sliver C2 server's mTLS and WireGuard C2 transport layer. The socketReadEnvelope and socketWGReadEnvelope functions…

  • CVE-2026-29781 · Medium · Mar 7, 2026
    risk 0.42 · cvss 6.5 · epss 0.01

    Sliver is a command and control framework that uses a custom Wireguard netstack. In versions from 1.7.3 and prior, a vulnerability exists in the Sliver C2 server's Protobuf unmarshalling logic due to a systemic lack of nil-pointer validation. By extracting valid implant…

  • CVE-2024-41111 · High · Jul 18, 2024
    risk 0.40 · cvss 7.2 · epss 0.01

    Sliver is an open source cross-platform adversary emulation/red team framework, it can be used by organizations of all sizes to perform security testing. Sliver version 1.6.0 (prerelease) is vulnerable to RCE on the teamserver by a low-privileged "operator" user. The RCE is as…

  • CVE-2025-27093 · Medium · Oct 28, 2025
    risk 0.34 · cvss 6.3 · epss 0.00

    Sliver is a command and control framework that uses a custom Wireguard netstack. In versions 1.5.43 and earlier, and in development version 1.6.0-dev, the netstack does not limit traffic between Wireguard clients. This allows clients to communicate with each other…

  • CVE-2026-25791 · Feb 9, 2026
    risk 0.00 · cvss (not listed) · epss 0.00

    Sliver is a command and control framework that uses a custom Wireguard netstack. Prior to 1.7.0, the DNS C2 listener accepts unauthenticated TOTP bootstrap messages and allocates server-side DNS sessions without validating OTP values, even when EnforceOTP is enabled. Because…

  • CVE-2026-25760 · Feb 6, 2026
    risk 0.00 · cvss (not listed) · epss 0.00

    Sliver is a command and control framework that uses a custom Wireguard netstack. Prior to 1.6.11, a path traversal in the website content subsystem lets an authenticated operator read arbitrary files on the Sliver server host. This is an authenticated path traversal / arbitrary…

  • CVE-2025-27090 · Feb 19, 2025
    risk 0.00 · cvss (not listed) · epss 0.01

    Sliver is an open source cross-platform adversary emulation/red team framework, it can be used by organizations of all sizes to perform security testing. The reverse port forwarding in sliver teamserver allows the implant to open a reverse tunnel on the sliver teamserver without…