CVE-2026-25760

6.5 MEDIUM

📋 TL;DR

CVE-2026-25760 is an authenticated path traversal vulnerability in Sliver's website content subsystem that allows authenticated operators to read arbitrary files on the server host. This can expose sensitive credentials, configuration files, and cryptographic keys. Only Sliver servers running versions prior to 1.6.11 are affected, and exploitation requires an authenticated operator.

💻 Affected Systems

Products:
  • Sliver C2 Framework
Versions: All versions prior to 1.6.11
Operating Systems: All platforms running Sliver
Default Config Vulnerable: ⚠️ Yes
Notes: Requires authenticated operator access to exploit; default Sliver installations with operator accounts are vulnerable.

⚠️ Risk & Real-World Impact

🔴 Worst Case: Complete compromise of the Sliver C2 server including theft of all credentials, configuration secrets, and cryptographic keys, potentially enabling attacker persistence and lateral movement.

🟠 Likely Case: Exfiltration of sensitive configuration files, credentials, and keys that could compromise the C2 infrastructure and connected implants.

🟢 If Mitigated: Limited impact if proper access controls and file system permissions restrict operator access to sensitive directories.

🌐 Internet-Facing: HIGH
🏢 Internal Only: HIGH

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: LIKELY
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploitation requires authenticated operator access but is straightforward once authenticated.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 1.6.11

Vendor Advisory: https://github.com/BishopFox/sliver/security/advisories/GHSA-2286-hxv5-cmp2

Restart Required: Yes

Instructions:

1. Stop all Sliver server instances.
2. Update Sliver to version 1.6.11 or later using your package manager or from GitHub releases.
3. Restart Sliver server instances.

🔧 Temporary Workarounds

Restrict Operator Access (platform: all)

Temporarily remove or disable operator accounts until patching can be completed.

# Review and modify operator configurations in Sliver config files

File System Permissions Hardening (platform: linux)

Apply strict file system permissions to sensitive directories containing credentials and configuration files.

chmod 600 /path/to/sensitive/files
chown root:root /path/to/sensitive/files

🧯 If You Can't Patch

  • Implement strict network segmentation to isolate Sliver servers from sensitive infrastructure
  • Deploy file integrity monitoring on Sliver server hosts to detect unauthorized file access

🔍 How to Verify

Check if Vulnerable:

Check Sliver server version; if version is less than 1.6.11, the system is vulnerable.

Check Version:

sliver-server --version

Verify Fix Applied:

Confirm Sliver server version is 1.6.11 or later and test that authenticated operators cannot access files outside intended directories.
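
Added example (not from the Sliver project or the vendor advisory): a POSIX shell check that compares a reported version against 1.6.11 field by field, because a plain string comparison would rank 1.6.9 above 1.6.11. The function names and sample strings are constructed for illustration, and it assumes the version output contains a MAJOR.MINOR.PATCH triple.

```shell
#!/bin/sh
# Added example, not Sliver project code. Function names are hypothetical.
FIXED="1.6.11"   # patch version stated in this advisory

# Pull the first MAJOR.MINOR.PATCH triple out of arbitrary version output.
# Assumption: the output contains such a triple; suffixes like "-rc1" are ignored.
extract_version() {
    printf '%s\n' "$1" | grep -oE '[0-9]+\.[0-9]+\.[0-9]+' | head -n 1
}

# Return 0 when $1 is strictly older than $2, comparing each field as a number.
version_lt() {
    old_ifs=$IFS
    IFS=.
    set -- $1 $2          # intentional split on dots: a1 a2 a3 b1 b2 b3
    IFS=$old_ifs
    [ "$1" -lt "$4" ] && return 0
    [ "$1" -gt "$4" ] && return 1
    [ "$2" -lt "$5" ] && return 0
    [ "$2" -gt "$5" ] && return 1
    [ "$3" -lt "$6" ] && return 0
    return 1
}

# Print "vulnerable", "patched" or "unknown" for one line of version output.
sliver_status() {
    v=$(extract_version "$1")
    if [ -z "$v" ]; then
        echo unknown
    elif version_lt "$v" "$FIXED"; then
        echo vulnerable
    else
        echo patched
    fi
}

# Constructed sample strings (not captured from a real server).
for sample in "v1.6.9" "1.6.10" "v1.6.11" "sliver-server v1.7.0" "garbage"; do
    printf '%-22s %s\n' "$sample" "$(sliver_status "$sample")"
done
```

On a real host, pass the output of the version command above to `sliver_status`; an "unknown" result means the version has to be read manually.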

📡 Detection & Monitoring

Log Indicators:

  • Unusual file access patterns from operator accounts
  • Access to sensitive system files from Sliver process

Network Indicators:

  • Unusual data exfiltration from Sliver server to operator-controlled endpoints

SIEM Query:

source="sliver.log" AND (event="file_access" OR event="path_traversal")
