CVE-2026-32941

Name of the Vulnerable Software and Affected Versions Sliver versions 1.7.3 and below

Description Sliver is a command and control framework that utilizes a custom Wireguard network stack. Versions 1.7.3 and below contain a Remote Out-of-Memory (OOM) issue in the mTLS and WireGuard C2 transport layer of the Sliver C2 server. The socketReadEnvelope and socketWGReadEnvelope functions rely on an attacker-controlled 4-byte length prefix to allocate memory, with ServerMaxMessageSize allowing single allocations of up to approximately 2 GiB. A compromised implant or an attacker with valid credentials can exploit this by sending fabricated length prefixes over concurrent yamux streams (up to 128 per connection), forcing the server to attempt allocating approximately 256 GiB of memory and triggering an OS OOM kill. This crashes the Sliver server, disrupts all active implant sessions, and may degrade or kill other processes sharing the same host. The same pattern also affects all implant-side readers, which lack any upper-bound check. The issue was not resolved at the time of publication.

Recommendations Versions prior to 1.7.4 are vulnerable. At the moment, there is no information about a newer version that contains a fix for this vulnerability.