CVE-2026-25760

Medium CVSS: 6.5

Sliver is a command and control framework that uses a custom Wireguard netstack. Prior to 1.6.11, a path traversal in the website content subsystem lets an authenticated operator read arbitrary files on the Sliver server host. This is an authenticated path traversal / arbitrary file read issue, and it can expose credentials, configs, and keys. This vulnerability is fixed in 1.6.11.

Vendor

Bishopfox

Product

Sliver

CWE

CWE-22

Yayın Tarihi

2026-02-06 22:16:12

Güncelleme

2026-02-19 18:02:59

Source Identifier

security-advisories@github.com

KEV Date Added

Kategoriler

CWE-22 Sliver MEDIUM Bishopfox 2026

Referanslar

https://github.com/BishopFox/sliver/commit/818127349ccec812876693c4ca74ebf4350ec6b7 https://github.com/BishopFox/sliver/security/advisories/GHSA-2286-hxv5-cmp2

Benzer Kayıtlar

Medium

CVE-2026-34227

Sliver is a command and control framework that uses a custom Wireguard netstack. Prior to version 1.7.4, a single click…

High

CVE-2026-32941

Sliver is a command and control framework that uses a custom Wireguard netstack. Versions 1.7.3 and below contain a Remo…

Medium

CVE-2026-29781

Sliver is a command and control framework that uses a custom Wireguard netstack. In versions from 1.7.3 and prior, a vul…

High

CVE-2026-25791

Sliver is a command and control framework that uses a custom Wireguard netstack. Prior to 1.7.0, the DNS C2 listener acc…

Medium

CVE-2025-27090

Sliver is an open source cross-platform adversary emulation/red team framework, it can be used by organizations of all s…