github.com/bishopfox/sliver (Go) — known CVEs & security advisories
Known CVE vulnerabilities and GitHub Security Advisories affecting the Go package github.com/bishopfox/sliver, with affected version ranges, CVSS severity, EPSS exploit prediction, and CISA KEV status.
CVEs (10)
CVE-2026-34227 — CVSS 8.8 (high): Sliver is a command and control framework that uses a custom Wireguard netstack. Prior to version 1.7.4, a single click on a malicious link…
CVE-2023-34758 — CVSS 8.1 (high): Sliver from v1.5.x to v1.5.39 has an improper cryptographic implementation, which allows attackers to execute a man-in-the-middle attack…
CVE-2026-25791 — CVSS 7.5 (high): Sliver is a command and control framework that uses a custom Wireguard netstack. Prior to 1.7.0, the DNS C2 listener accepts…
CVE-2024-41111 — CVSS 7.2 (high): Sliver is an open source cross-platform adversary emulation/red team framework, it can be used by organizations of all sizes to perform…
CVE-2026-25760 — CVSS 6.5 (medium): Sliver is a command and control framework that uses a custom Wireguard netstack. Prior to 1.6.11, a path traversal in the website content…
CVE-2026-29781 — CVSS 6.5 (medium): Sliver is a command and control framework that uses a custom Wireguard netstack. In versions from 1.7.3 and prior, a vulnerability exists…
CVE-2026-32941 — CVSS 6.5 (medium): Sliver is a command and control framework that uses a custom Wireguard netstack. Versions 1.7.3 and below contain a Remote OOM…
CVE-2025-27093 — CVSS 6.3 (medium): Sliver is a command and control framework that uses a custom Wireguard netstack. In versions 1.5.43 and earlier, and in development version…
CVE-2025-27090 — CVSS 5.3 (medium): Sliver is an open source cross-platform adversary emulation/red team framework, it can be used by organizations of all sizes to perform…
CVE-2023-35170: Rejected reason: This CVE is a duplicate of another CVE.