Description

Sliver is a command and control framework that uses a custom Wireguard netstack. Prior to 1.6.11, a path traversal in the website content subsystem lets an authenticated operator read arbitrary files on the Sliver server host. This is an authenticated path traversal / arbitrary file read issue, and it can expose credentials, configs, and keys. This vulnerability is fixed in 1.6.11.

INFO

Published Date :

2026-02-06T21:32:27.276Z

Last Modified :

2026-02-06T21:32:27.276Z

Source :

GitHub_M
AFFECTED PRODUCTS

The following products are affected by CVE-2026-25760 vulnerability.

No data.

REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2026-25760.

URL Resource
https://github.com/BishopFox/sliver/commit/818127349ccec812876693c4ca74ebf4350ec6b7 cve-icon cve-icon
https://github.com/BishopFox/sliver/security/advisories/GHSA-2286-hxv5-cmp2 cve-icon cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact