CVE-2026-25791
HIGH EPSS 32.5%
Published Feb 9, 20264mo ago · Modified Jun 17, 20262w ago
7.5 CVSS 3.1
Published Feb 9, 2026 4mo ago
Last Modified Jun 17, 2026 2w ago
Description
Sliver is a command and control framework that uses a custom Wireguard netstack. Prior to 1.7.0, the DNS C2 listener accepts unauthenticated TOTP bootstrap messages and allocates server-side DNS sessions without validating OTP values, even when EnforceOTP is enabled. Because sessions are stored without a cleanup/expiry path in this flow, an unauthenticated remote actor can repeatedly create sessions and drive memory exhaustion. This vulnerability is fixed in 1.7.0.
CVSS Details
Base Score
Exploitability
Impact
Vector string
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Attack Vector Network
Attack Complexity Low
Privileges Required None
User Interaction None
Scope Unchanged
Confidentiality None
Integrity None
Availability High
Threat Intelligence
EPSS Exploit Probability
32.5% percentile
Exploit & Patch Status
Public Exploit Known
No Patch Available
Weaknesses 2
CWE-306 Missing Authentication for Critical Function Authentication
CWE-400 Uncontrolled Resource Consumption Resource Mgmt
Affected Products 1
| Vendor | Product | Version | Range |
|---|---|---|---|
| bishopfox | sliver | * | <1.7.0 |
References 2
- github.com https://github.com/BishopFox/sliver/releases/tag/v1.7.0
- github.com https://github.com/BishopFox/sliver/security/advisories/GHSA-wxrw-gvg8-fqjp
Remediation
No remediation data recorded yet
Check vendor advisories and the NVD entry for patch availability.