CVE-2026-34227 · HIGH 8.8 · EPSS p31.2%

Description

Sliver is a command and control framework that uses a custom WireGuard netstack. Prior to version 1.7.4, a single click on a malicious link gives an unauthenticated attacker immediate, silent control over every active C2 session or beacon, capable of exfiltrating all collected target data (e.g. SSH keys, ntds.dit) or destroying the entire compromised infrastructure, entirely through the operator's own browser. This issue has been patched in version 1.7.4.

Scoring

CVSS 3.1: 8.8 (HIGH)
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
EPSS: 0.40% probability of exploitation · percentile 31.2% · 2026-06-18T12:00:27Z
Published: 2026-03-31
Last modified: 2026-04-03

Underlying weaknesses · 2

CWE-306, CWE-942

References

  1. https://github.com/BishopFox/sliver/security/advisories/GHSA-6fpf-248c-m7wm

| Type | Target | Confidence | Tier |
|---|---|---|---|
| Weakness | Missing Authentication for Critical Function (cwe-306) | 0% | live |
| Weakness | Permissive Cross-domain Security Policy with Untrusted Domains (cwe-942) | 0% | live |

Related by meaning · 6

Nearest entities by semantic similarity across the cs-graph corpus.

  - CVE: CVE-2025-21342
  - CVE: CVE-2026-26422
  - CVE: CVE-2026-45327
  - CVE: CVE-2026-23654
  - Software: SLIVER
  - CVE: CVE-2026-32296

Sourced from NVD + FIRST.org EPSS. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.