{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-25760", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "state": "PUBLISHED", "assignerShortName": "GitHub_M", "dateReserved": "2026-02-05T18:35:52.357Z", "datePublished": "2026-02-06T21:32:27.276Z", "dateUpdated": "2026-02-09T15:26:46.263Z"}, "containers": {"cna": {"title": "Website Path Traversal / Arbitrary File Read (Authenticated) in Sliver", "problemTypes": [{"descriptions": [{"cweId": "CWE-22", "lang": "en", "description": "CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}}], "references": [{"name": "https://github.com/BishopFox/sliver/security/advisories/GHSA-2286-hxv5-cmp2", "tags": ["x_refsource_CONFIRM"], "url": "https://github.com/BishopFox/sliver/security/advisories/GHSA-2286-hxv5-cmp2"}, {"name": "https://github.com/BishopFox/sliver/commit/818127349ccec812876693c4ca74ebf4350ec6b7", "tags": ["x_refsource_MISC"], "url": "https://github.com/BishopFox/sliver/commit/818127349ccec812876693c4ca74ebf4350ec6b7"}], "affected": [{"vendor": "BishopFox", "product": "sliver", "versions": [{"version": "< 1.6.11", "status": "affected"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2026-02-06T21:32:27.276Z"}, "descriptions": [{"lang": "en", "value": "Sliver is a command and control framework that uses a custom Wireguard netstack. Prior to 1.6.11, a path traversal in the website content subsystem lets an authenticated operator read arbitrary files on the Sliver server host. This is an authenticated path traversal / arbitrary file read issue, and it can expose credentials, configs, and keys. This vulnerability is fixed in 1.6.11."}], "source": {"advisory": "GHSA-2286-hxv5-cmp2", "discovery": "UNKNOWN"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-02-09T15:19:17.804953Z", "id": "CVE-2026-25760", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-02-09T15:26:46.263Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-25760", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-02-09T15:19:17.804953Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-02-09T15:19:18.652Z"}}], "cna": {"title": "Website Path Traversal / Arbitrary File Read (Authenticated) in Sliver", "source": {"advisory": "GHSA-2286-hxv5-cmp2", "discovery": "UNKNOWN"}, "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.5, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}}], "affected": [{"vendor": "BishopFox", "product": "sliver", "versions": [{"status": "affected", "version": "< 1.6.11"}]}], "references": [{"url": "https://github.com/BishopFox/sliver/security/advisories/GHSA-2286-hxv5-cmp2", "name": "https://github.com/BishopFox/sliver/security/advisories/GHSA-2286-hxv5-cmp2", "tags": ["x_refsource_CONFIRM"]}, {"url": "https://github.com/BishopFox/sliver/commit/818127349ccec812876693c4ca74ebf4350ec6b7", "name": "https://github.com/BishopFox/sliver/commit/818127349ccec812876693c4ca74ebf4350ec6b7", "tags": ["x_refsource_MISC"]}], "descriptions": [{"lang": "en", "value": "Sliver is a command and control framework that uses a custom Wireguard netstack. Prior to 1.6.11, a path traversal in the website content subsystem lets an authenticated operator read arbitrary files on the Sliver server host. This is an authenticated path traversal / arbitrary file read issue, and it can expose credentials, configs, and keys. This vulnerability is fixed in 1.6.11."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-22", "description": "CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2026-02-06T21:32:27.276Z"}}}, "cveMetadata": {"cveId": "CVE-2026-25760", "state": "PUBLISHED", "dateUpdated": "2026-02-09T15:26:46.263Z", "dateReserved": "2026-02-05T18:35:52.357Z", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "datePublished": "2026-02-06T21:32:27.276Z", "assignerShortName": "GitHub_M"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:bishopfox:sliver:*:*:*:*:*:*:*:*", "matchCriteriaId": "9D797281-52C3-452C-8CAA-7E358D81CD3B", "versionEndExcluding": "1.6.11", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Sliver is a command and control framework that uses a custom Wireguard netstack. Prior to 1.6.11, a path traversal in the website content subsystem lets an authenticated operator read arbitrary files on the Sliver server host. This is an authenticated path traversal / arbitrary file read issue, and it can expose credentials, configs, and keys. This vulnerability is fixed in 1.6.11."}], "id": "CVE-2026-25760", "lastModified": "2026-02-19T18:02:59.793", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 3.6, "source": "security-advisories@github.com", "type": "Secondary"}]}, "published": "2026-02-06T22:16:12.277", "references": [{"source": "security-advisories@github.com", "tags": ["Patch"], "url": "https://github.com/BishopFox/sliver/commit/818127349ccec812876693c4ca74ebf4350ec6b7"}, {"source": "security-advisories@github.com", "tags": ["Exploit", "Mitigation", "Vendor Advisory"], "url": "https://github.com/BishopFox/sliver/security/advisories/GHSA-2286-hxv5-cmp2"}], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-22"}], "source": "security-advisories@github.com", "type": "Primary"}]}

{}

{"analysis": {"en": {"generated_at": "2026-04-17T22:21:47.587194+00:00", "value": {"mitigation_remediation": ["Upgrade Sliver to version 1.6.11 or later to eliminate the path traversal vulnerability.", "Revoke or rotate credentials of all current operators before applying the patch to mitigate any potential data exposure.", "Apply configuration changes to the web server or Sliver's routing to block or restrict path traversal requests until the patch is fully deployed."], "summary": {"action": "Apply Patch", "impact": "Data Exposure"}, "threat_synthesis": {"affected_systems": "The vulnerability affects the Sliver command and control framework distributed by BishopFox. All releases before version 1.6.11 are susceptible; the issue is fixed in version 1.6.11 and later.", "description_and_impact": "An authenticated operator can exploit a path traversal flaw in Sliver's website content subsystem to read arbitrary files from the server host, potentially exposing credentials, configuration data, and cryptographic keys. This flaw undermines data confidentiality and could allow an attacker to gather sensitive information that might be used for further attacks.", "risk_and_exploitability": "The CVSS base score of 6.5 indicates moderate severity, and the EPSS score of less than 1% suggests a low probability of exploitation in the wild. The flaw is not listed in the CISA KEV catalog. Attackers must be authenticated operators with web access to the content subsystem; they can then specify a path containing ..\\ characters to read any file on the host file system."}}}}, "created": "2026-02-09T10:50:00.411358+00:00", "updated": "2026-04-17T22:30:29.590678+00:00", "vendors": ["bishopfox", "bishopfox$PRODUCT$sliver"]}