Description

Sliver is a command and control framework that uses a custom Wireguard netstack. In versions from 1.7.3 and prior, a vulnerability exists in the Sliver C2 server's Protobuf unmarshalling logic due to a systemic lack of nil-pointer validation. By extracting valid implant credentials and omitting nested fields in a signed message, an authenticated actor can trigger an unhandled runtime panic. Because the mTLS, WireGuard, and DNS transport layers lack the panic recovery middleware present in the HTTP transport, this results in a global process termination. While requiring post-authentication access (a captured implant), this flaw effectively acts as an infrastructure "kill-switch," instantly severing all active sessions across the entire fleet and requiring a manual server restart to restore operations. At time of publication, there are no publicly available patches.

INFO

Published Date :

2026-03-07T15:25:23.698Z

Last Modified :

2026-03-09T18:26:52.610Z

Source :

GitHub_M
AFFECTED PRODUCTS

The following products are affected by CVE-2026-29781 vulnerability.

Vendors Products
Bishopfox
  • Sliver
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2026-29781.

URL Resource
https://github.com/BishopFox/sliver/security/advisories/GHSA-hx52-cv84-jr5v cve-icon cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Attack Requirements
Privileges Required
User Interaction
VS Confidentiality
VS Integrity
VS Availability
SS Confidentiality
SS Integrity
SS Availability
Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact