CVE-2026-34227
Unauthenticated Remote Control Vulnerability in Sliver C2 Framework
Publication date: 2026-03-31
Last updated on: 2026-04-03
Assigner: GitHub, Inc.
Description
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| bishopfox | sliver | up to 1.7.4 (exclusive) |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-306 | The product does not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of resources. |
| CWE-942 | The product uses a web-client protection mechanism such as a Content Security Policy (CSP) or cross-domain policy file, but the policy includes untrusted domains with which the web client is allowed to communicate. |
AI Powered Q&A
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?
This vulnerability allows unauthenticated attackers to exfiltrate sensitive data such as SSH keys and ntds.dit files, which may contain personally identifiable information or protected health information.
Such unauthorized data access and exfiltration can lead to violations of data protection regulations like GDPR and HIPAA, which require strict controls over access to sensitive data and mandate breach notification.
Additionally, the vulnerability enables attackers to destroy or modify critical infrastructure data, potentially impacting data integrity and availability requirements under these standards.
Can you explain this vulnerability to me?
CVE-2026-34227 is a critical vulnerability in the Sliver command and control (C2) framework versions prior to 1.7.4. It arises from insecure Cross-Origin Resource Sharing (CORS) configuration and lack of authentication on the Sliver Management and Control Protocol (MCP) interface.
The MCP server runs inside the Sliver client and by default binds an unauthenticated HTTP and Server-Sent Events interface to localhost:8080, returning a permissive `Access-Control-Allow-Origin: *` header. This allows any arbitrary website to issue cross-origin requests and interact with the MCP interface through the operator's browser without requiring credentials.
If misconfigured to bind to all network interfaces (0.0.0.0), the vulnerability escalates to unauthenticated remote access from any actor on the network or internet.
Exploitable MCP methods include viewing active sessions and beacons, and various filesystem commands such as listing directories, reading, deleting, moving, copying, creating, and modifying files.
The root cause is the insecure use of the mcp-go library, which hardcodes permissive CORS headers and lacks authentication middleware or origin restrictions, allowing attackers to bypass browser security and silently control the C2 infrastructure through the operator's browser.
How can this vulnerability impact me?
This vulnerability can lead to total operational compromise of the Sliver C2 infrastructure.
- An unauthenticated attacker can silently control every active C2 session or beacon through the operator's browser by simply tricking the operator into clicking a malicious link.
- Attackers can exfiltrate all collected target data, including sensitive files such as SSH keys and ntds.dit.
- Attackers can delete or modify files arbitrarily, potentially sabotaging or denying service on compromised targets.
- If the MCP interface is misconfigured to bind to all network interfaces, attackers can gain unauthenticated remote access from anywhere on the network or internet.
- The vulnerability can be used to neutralize entire campaigns by deleting all active beacons and severing operator access.
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by checking if the Sliver MCP (Management and Control Protocol) interface is running and accessible, especially on localhost port 8080 or any network interface (0.0.0.0). Detection involves verifying if the MCP server is bound to 0.0.0.0 or localhost and if it returns permissive CORS headers such as `Access-Control-Allow-Origin: *`.
You can attempt to detect active MCP sessions and beacons by issuing HTTP requests to the MCP interface. For example, using curl to interact with the MCP interface on port 8080:
- `curl -v http://localhost:8080/mcp/list_sessions_and_beacons`
- `curl -v http://localhost:8080/mcp/fs_ls`
If these commands return data without authentication, it indicates the vulnerability is present. Additionally, checking network bindings of the Sliver client process to see if MCP is exposed beyond localhost can help identify risk.
What immediate steps should I take to mitigate this vulnerability?
The immediate mitigation step is to upgrade the Sliver C2 framework to version 1.7.4 or later, where this vulnerability has been patched.
Additionally, ensure that the MCP interface is not bound to all network interfaces (0.0.0.0). It should be restricted to localhost (127.0.0.1) to prevent remote unauthenticated access.
Implement network-level controls such as firewall rules to block external access to port 8080 or any port used by the MCP interface.
Avoid clicking on untrusted or suspicious links that could trigger exploitation via the operator's browser.
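As an added defender-side example (not code from Sliver, mcp-go or this advisory), the Go program below contrasts the weak setting described in the detection and mitigation answers above, a wildcard CORS header with no authentication, against a hardened handler, and includes the probe and detection rule a practitioner would run against a local listener. The handlers are plain net/http stand-ins rather than the real MCP server, and the allow-listed origin, bearer token and endpoint path are constructed placeholders.

```go
package main

import (
	"net/http"
	"net/http/httptest"
)

// permissive mirrors the weak setting: hard-coded wildcard CORS, no authentication.
func permissive() http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, _ *http.Request) {
		w.Header().Set("Access-Control-Allow-Origin", "*")
		w.Write([]byte("ok"))
	})
}

// hardened is the corrected form: a browser-supplied Origin must be on the allow-list
// and every request must carry a bearer token (hypothetical shared secret for the demo).
func hardened(allowed map[string]bool, token string) http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		if o := r.Header.Get("Origin"); o != "" {
			if !allowed[o] {
				http.Error(w, "origin not allowed", http.StatusForbidden)
				return
			}
			w.Header().Set("Access-Control-Allow-Origin", o) // reflect allow-listed origins only
		}
		if r.Header.Get("Authorization") != "Bearer "+token {
			http.Error(w, "unauthorized", http.StatusUnauthorized)
			return
		}
		w.Write([]byte("ok"))
	})
}

// probe sends one request with the given Origin and optional bearer token; returns status and ACAO.
func probe(h http.Handler, origin, token string) (int, string) {
	req := httptest.NewRequest(http.MethodGet, "/mcp/list_sessions_and_beacons", nil)
	req.Header.Set("Origin", origin)
	if token != "" {
		req.Header.Set("Authorization", "Bearer "+token)
	}
	rec := httptest.NewRecorder()
	h.ServeHTTP(rec, req)
	return rec.Code, rec.Header().Get("Access-Control-Allow-Origin")
}

// exposed: an unauthenticated foreign-origin request was served with a CORS header its script can read.
func exposed(status int, acao, foreignOrigin string) bool {
	return status/100 == 2 && (acao == "*" || acao == foreignOrigin)
}
```

The same `exposed` rule applies to a real response from a local listener: a 2xx answer to a credential-less request whose `Access-Control-Allow-Origin` is `*` or echoes a foreign Origin is the condition the advisory describes.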