CVE-2026-34227: CWE-306: Missing Authentication for Critical Function in BishopFox sliver
Sliver is a command and control framework that uses a custom Wireguard netstack. Prior to version 1.7.4, a single click on a malicious link gives an unauthenticated attacker immediate, silent control over every active C2 session or beacon, capable of exfiltrating all collected target data (e.g. SSH keys, ntds.dit) or destroying the entire compromised infrastructure, entirely through the operator's own browser. This issue has been patched in version 1.7.4.
AI Analysis
Technical Summary
Sliver, a C2 framework using a custom Wireguard netstack, had a missing authentication vulnerability (CWE-306) in versions before 1.7.4. This flaw allowed unauthenticated attackers to take control of active C2 sessions or beacons silently through a single click on a malicious link, enabling data exfiltration or infrastructure destruction. The vulnerability is rated medium severity with a CVSS 4.0 score of 5.9. The vendor has released a patch in version 1.7.4 to address this issue.
Potential Impact
An unauthenticated attacker can gain immediate and silent control over all active command and control sessions or beacons, potentially exfiltrating sensitive target data such as SSH keys and ntds.dit files or destroying the compromised infrastructure. This control is achieved through the operator's own browser by clicking a malicious link. The impact affects all Sliver versions prior to 1.7.4.
Mitigation Recommendations
Upgrade Sliver to version 1.7.4 or later, where this vulnerability has been patched. No other mitigations are indicated by the vendor advisory.
CVE-2026-34227: CWE-306: Missing Authentication for Critical Function in BishopFox sliver
Description
Sliver is a command and control framework that uses a custom Wireguard netstack. Prior to version 1.7.4, a single click on a malicious link gives an unauthenticated attacker immediate, silent control over every active C2 session or beacon, capable of exfiltrating all collected target data (e.g. SSH keys, ntds.dit) or destroying the entire compromised infrastructure, entirely through the operator's own browser. This issue has been patched in version 1.7.4.
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
Sliver, a C2 framework using a custom Wireguard netstack, had a missing authentication vulnerability (CWE-306) in versions before 1.7.4. This flaw allowed unauthenticated attackers to take control of active C2 sessions or beacons silently through a single click on a malicious link, enabling data exfiltration or infrastructure destruction. The vulnerability is rated medium severity with a CVSS 4.0 score of 5.9. The vendor has released a patch in version 1.7.4 to address this issue.
Potential Impact
An unauthenticated attacker can gain immediate and silent control over all active command and control sessions or beacons, potentially exfiltrating sensitive target data such as SSH keys and ntds.dit files or destroying the compromised infrastructure. This control is achieved through the operator's own browser by clicking a malicious link. The impact affects all Sliver versions prior to 1.7.4.
Mitigation Recommendations
Upgrade Sliver to version 1.7.4 or later, where this vulnerability has been patched. No other mitigations are indicated by the vendor advisory.
Technical Details
- Data Version
- 5.2
- Assigner Short Name
- GitHub_M
- Date Reserved
- 2026-03-26T16:22:29.033Z
- Cvss Version
- 4.0
- State
- PUBLISHED
Threat ID: 69cbedf2e6bfc5ba1d2480f5
Added to database: 3/31/2026, 3:53:22 PM
Last enriched: 4/8/2026, 4:13:12 AM
Last updated: 5/16/2026, 7:59:37 AM
Views: 29
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
External Links
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.