github.com/bishopfox/sliver
Go | 9 known CVEs affecting this package
Aggregated from OSV, GitHub Security Advisories, NVD, and vendor advisories. Each CVE links to its full detail page with vendor advisories, patches, fixed versions, and remediation guidance.
CVEs affecting github.com/bishopfox/sliver
- CVE-2023-34758 | HIGH | CVSS 8.1 | EG 8.1 | ✓ Fixed in 1.5.40 | 2023-08-28
Sliver from v1.5.x to v1.5.39 has an improper cryptographic implementation, which allows attackers to execute a man-in-the-middle attack via intercepted and crafted responses.
- CVE-2024-41111 | HIGH | CVSS 7.2 | EG 7.2 | 2024-07-18
Sliver is an open source cross-platform adversary emulation/red team framework, it can be used by organizations of all sizes to perform security testing. Sliver version 1.6.0 (prerelease) is vulnerable to RCE on the teamserver by a low-pri…
- CVE-2025-27090 | MEDIUM | CVSS 5.3 | EG 5.3 | ✓ Fixed in 1.5.43 | 2025-02-19
Sliver is an open source cross-platform adversary emulation/red team framework, it can be used by organizations of all sizes to perform security testing. The reverse port forwarding in sliver teamserver allows the implant to open a reverse…
- CVE-2025-27093 | MEDIUM | CVSS 6.3 | EG 6.3 | ✓ Fixed in 1.5.44 | 2025-10-28
Sliver is a command and control framework that uses a custom Wireguard netstack. In versions 1.5.43 and earlier, and in development version 1.6.0-dev, the netstack does not limit traffic between Wireguard clients. This allows clients to co…
- CVE-2026-25760 | MEDIUM | CVSS 6.5 | EG 6.5 | ✓ Fixed in 1.6.11 | 2026-02-06
Sliver is a command and control framework that uses a custom Wireguard netstack. Prior to 1.6.11, a path traversal in the website content subsystem lets an authenticated operator read arbitrary files on the Sliver server host. This is an a…
- CVE-2026-25791 | HIGH | CVSS 7.5 | EG 7.5 | ✓ Fixed in 1.6.12 | 2026-02-09
Sliver is a command and control framework that uses a custom Wireguard netstack. Prior to 1.7.0, the DNS C2 listener accepts unauthenticated TOTP bootstrap messages and allocates server-side DNS sessions without validating OTP values, even…
- CVE-2026-29781 | MEDIUM | CVSS 6.5 | EG 6.5 | 2026-03-07
Sliver is a command and control framework that uses a custom Wireguard netstack. In versions from 1.7.3 and prior, a vulnerability exists in the Sliver C2 server's Protobuf unmarshalling logic due to a systemic lack of nil-pointer validati…
- CVE-2026-32941 | MEDIUM | CVSS 6.5 | EG 6.5 | 2026-03-20
Sliver is a command and control framework that uses a custom Wireguard netstack. Versions 1.7.3 and below contain a Remote OOM (Out-of-Memory) vulnerability in the Sliver C2 server's mTLS and WireGuard C2 transport layer. The socketReadEnv…
- CVE-2026-34227 | HIGH | CVSS 8.8 | EG 8.8 | ✓ Fixed in 1.7.4 | 2026-03-31
Sliver is a command and control framework that uses a custom Wireguard netstack. Prior to version 1.7.4, a single click on a malicious link gives an unauthenticated attacker immediate, silent control over every active C2 session or beacon,…