CVE-2026-25760
- Source
- https://cve.org/CVERecord?id=CVE-2026-25760
- Import Source
- https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-25760.json
- JSON Data
- https://api.osv.dev/v1/vulns/CVE-2026-25760
- Aliases
- Published
- 2026-02-06T21:32:27.276Z
- Modified
- 2026-02-08T04:06:40.378163Z
- Severity
-
- 6.5 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N CVSS Calculator
- Summary
- Website Path Traversal / Arbitrary File Read (Authenticated) in Sliver
- Details
-
Sliver is a command and control framework that uses a custom Wireguard netstack. Prior to 1.6.11, a path traversal in the website content subsystem lets an authenticated operator read arbitrary files on the Sliver server host. This is an authenticated path traversal / arbitrary file read issue, and it can expose credentials, configs, and keys. This vulnerability is fixed in 1.6.11.
- Database specific
{ "cwe_ids": [ "CWE-22" ], "cna_assigner": "GitHub_M", "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/25xxx/CVE-2026-25760.json" }- References
Affected packages
Git / github.com/bishopfox/sliver
Affected ranges
- Type
- GIT
- Repo
- https://github.com/bishopfox/sliver
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedFixed
Affected versions
Other
git-7d47fe39
v0.*
v0.0.1-alpha
v0.0.2-alpha
v0.0.3-alpha
v0.0.5-alpha
v0.0.6-alpha
v1.*
v1.0.0-beta
v1.0.2-beta
v1.0.3-beta
v1.0.6-beta
v1.0.7-beta
v1.0.8-beta
v1.1.0
v1.1.1
v1.2.0
v1.2.1
v1.3.0
v1.3.1
v1.4.0
v1.4.1
v1.4.10
v1.4.11
v1.4.12
v1.4.13
v1.4.14
v1.4.15
v1.4.16
v1.4.17
v1.4.18
v1.4.19
v1.4.2
v1.4.20
v1.4.21
v1.4.22
v1.4.3
v1.4.4
v1.4.5
v1.4.6
v1.4.7
v1.4.8
v1.4.9
v1.5.0
v1.5.1
v1.5.10
v1.5.11
v1.5.12
v1.5.13
v1.5.14
v1.5.15
v1.5.16
v1.5.17
v1.5.18
v1.5.19
v1.5.2
v1.5.20
v1.5.21
v1.5.22
v1.5.23
v1.5.24
v1.5.25
v1.5.26
v1.5.27
v1.5.28
v1.5.29
v1.5.3
v1.5.30
v1.5.31
v1.5.32
v1.5.33
v1.5.34
v1.5.35
v1.5.36
v1.5.37
v1.5.38
v1.5.39
v1.5.4
v1.5.5
v1.5.6
v1.5.7
v1.5.8
v1.5.9
v1.6.0
v1.6.1
v1.6.10
v1.6.2
v1.6.3
v1.6.4
v1.6.5
v1.6.6
v1.6.7
v1.6.8
v1.6.9