CVE-2026-34227
Received Received - Intake
Unauthenticated Remote Control Vulnerability in Sliver C2 Framework

Publication date: 2026-03-31

Last updated on: 2026-04-03

Assigner: GitHub, Inc.

Description
Sliver is a command and control framework that uses a custom Wireguard netstack. Prior to version 1.7.4, a single click on a malicious link gives an unauthenticated attacker immediate, silent control over every active C2 session or beacon, capable of exfiltrating all collected target data (e.g. SSH keys, ntds.dit) or destroying the entire compromised infrastructure, entirely through the operator's own browser. This issue has been patched in version 1.7.4.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-03-31
Last Modified
2026-04-03
Generated
2026-06-16
AI Q&A
2026-03-31
EPSS Evaluated
2026-06-15
NVD
CVE-2026-34227
EUVD
EUVD-2026-17490
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
bishopfox sliver to 1.7.4 (exc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-942 The product uses a web-client protection mechanism such as a Content Security Policy (CSP) or cross-domain policy file, but the policy includes untrusted domains with which the web client is allowed to communicate.
CWE-306 The product does not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of resources.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

CVE-2026-34227 is a critical vulnerability in the Sliver command and control (C2) framework versions prior to 1.7.4. It arises from insecure Cross-Origin Resource Sharing (CORS) configuration and lack of authentication on the Sliver Management and Control Protocol (MCP) interface.

The MCP server runs inside the Sliver client and by default binds an unauthenticated HTTP and Server-Sent Events interface to localhost:8080, returning a permissive Access-Control-Allow-Origin: * header. This allows any arbitrary website to issue cross-origin requests and interact with the MCP interface through the operator’s browser without requiring credentials.

If misconfigured to bind to all network interfaces (0.0.0.0), the vulnerability escalates to unauthenticated remote access from any actor on the network or internet.

Exploitable MCP methods include viewing active sessions and beacons, and various filesystem commands such as listing directories, reading, deleting, moving, copying, creating, and modifying files.

The root cause is the insecure use of the mcp-go library which hardcodes permissive CORS headers and lacks authentication middleware or origin restrictions, allowing attackers to bypass browser security and silently control the C2 infrastructure through the operator’s browser.

Impact Analysis

This vulnerability can lead to total operational compromise of the Sliver C2 infrastructure.

  • An unauthenticated attacker can silently control every active C2 session or beacon through the operator’s browser by simply tricking the operator into clicking a malicious link.
  • Attackers can exfiltrate all collected target data, including sensitive files such as SSH keys and ntds.dit.
  • Attackers can delete or modify files arbitrarily, potentially sabotaging or denying service on compromised targets.
  • If the MCP interface is misconfigured to bind to all network interfaces, attackers can gain unauthenticated remote access from anywhere on the network or internet.
  • The vulnerability can be used to neutralize entire campaigns by deleting all active beacons and severing operator access.
Detection Guidance

This vulnerability can be detected by checking if the Sliver MCP (Management and Control Protocol) interface is running and accessible, especially on localhost port 8080 or any network interface (0.0.0.0). Detection involves verifying if the MCP server is bound to 0.0.0.0 or localhost and if it returns permissive CORS headers such as `Access-Control-Allow-Origin: *`.

You can attempt to detect active MCP sessions and beacons by issuing HTTP requests to the MCP interface. For example, using curl commands to interact with the MCP interface on port 8080:

  • curl -v http://localhost:8080/mcp/list_sessions_and_beacons
  • curl -v http://localhost:8080/mcp/fs_ls

If these commands return data without authentication, it indicates the vulnerability is present. Additionally, checking network bindings of the Sliver client process to see if MCP is exposed beyond localhost can help identify risk.

Mitigation Strategies

The immediate mitigation step is to upgrade the Sliver C2 framework to version 1.7.4 or later, where this vulnerability has been patched.

Additionally, ensure that the MCP interface is not bound to all network interfaces (0.0.0.0). It should be restricted to localhost (127.0.0.1) to prevent remote unauthenticated access.

Implement network-level controls such as firewall rules to block external access to port 8080 or any port used by the MCP interface.

Avoid clicking on untrusted or suspicious links that could trigger exploitation via the operator's browser.

Compliance Impact

This vulnerability allows unauthenticated attackers to exfiltrate sensitive data such as SSH keys and ntds.dit files, which may contain personally identifiable information or protected health information.

Such unauthorized data access and exfiltration can lead to violations of data protection regulations like GDPR and HIPAA, which require strict controls over access to sensitive data and mandate breach notification.

Additionally, the vulnerability enables attackers to destroy or modify critical infrastructure data, potentially impacting data integrity and availability requirements under these standards.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-34227. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart