PT-2026-6802 · Sliver · Sliver

Xtle0O0 · Published 2026-02-05 · Updated 2026-03-03 · CVE-2026-25760

CVSS v3.1: 6.5 Medium
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Name of the Vulnerable Software and Affected Versions: Sliver versions prior to 1.6.11

Description: Sliver is a command and control framework that utilizes a custom Wireguard netstack. A path traversal issue exists in the website content subsystem, allowing an authenticated operator to read arbitrary files on the Sliver server host. This can expose sensitive data such as operator configurations, TLS keys, tokens, and logs. The issue stems from the server accepting and persisting arbitrary website paths from the operator without proper sanitization or containment, and subsequently reading from disk using these paths. The vulnerable components include the website content management (gRPC): WebsiteAddContent, Website, and Websites, as well as the server-side file read in Website.ToProtobuf. The issue requires an authenticated operator account with sufficient permissions. A proof of concept demonstrates the ability to read files like /etc/hosts.

Recommendations: Versions prior to 1.6.11 should be updated to version 1.6.11 or later. Validate and reject paths that are absolute or contain '..' in WebsiteAddContent (server side). Canonicalize paths and enforce that they remain within the web content directory. Avoid reading content by Path in Website.ToProtobuf; read by content ID instead.
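The three server-side recommendations above (reject absolute and '..' paths at add time, canonicalize and enforce containment within the content root, and read by content ID rather than by operator-supplied path) are shown together in the following Go example. It is an added illustration written for this entry, not code from the Sliver project; the names SafeContentPath, ContentStore, AddContent and ReadContent are assumptions chosen here and do not correspond to Sliver's own API, and the content root and files are created in a temporary directory for the demonstration.

```go
package main

import (
	"crypto/rand"
	"encoding/hex"
	"errors"
	"fmt"
	"os"
	"path/filepath"
	"strings"
)

// ErrUnsafePath is returned for any operator-supplied path that must not be
// persisted or later used for a disk read.
var ErrUnsafePath = errors.New("website content path rejected")

// SafeContentPath applies the advisory's first two recommendations to an
// operator-supplied website path: reject absolute paths and any ".." segment,
// clean the path, join it to the content root and verify the result is still
// inside that root. It returns the canonical on-disk path on success.
// (Hypothetical helper written for this entry, not Sliver's code.)
func SafeContentPath(contentRoot, userPath string) (string, error) {
	// Treat backslashes as separators so "..\\x" cannot slip past the segment check on Linux.
	p := strings.ReplaceAll(strings.TrimSpace(userPath), "\\", "/")
	if p == "" || filepath.IsAbs(p) || strings.HasPrefix(p, "/") {
		return "", fmt.Errorf("%w: empty or absolute path %q", ErrUnsafePath, userPath)
	}
	// Reject traversal segments before cleaning: Clean would otherwise fold
	// "a/../../x" silently and the rejection would lose its audit value.
	for _, seg := range strings.Split(p, "/") {
		if seg == ".." {
			return "", fmt.Errorf("%w: traversal segment in %q", ErrUnsafePath, userPath)
		}
	}
	root, err := filepath.Abs(contentRoot)
	if err != nil {
		return "", err
	}
	full := filepath.Join(root, filepath.FromSlash(p)) // Join also Cleans the result
	// Containment check: the path relative to the root must be a proper
	// descendant, never the root itself and never something starting with "..".
	rel, err := filepath.Rel(root, full)
	if err != nil || rel == "." || rel == ".." || strings.HasPrefix(rel, ".."+string(filepath.Separator)) {
		return "", fmt.Errorf("%w: %q escapes %q", ErrUnsafePath, userPath, root)
	}
	return full, nil
}

// ContentStore keeps validated paths keyed by a random content ID, so later
// reads never take a path from the operator (the advisory's third recommendation).
type ContentStore struct {
	root  string
	paths map[string]string // contentID -> canonical on-disk path
}

func NewContentStore(root string) *ContentStore {
	return &ContentStore{root: root, paths: map[string]string{}}
}

// AddContent validates the operator-supplied path once, at persistence time,
// and returns the ID under which the content can be read back.
func (s *ContentStore) AddContent(userPath string) (string, error) {
	full, err := SafeContentPath(s.root, userPath)
	if err != nil {
		return "", err
	}
	id, err := newID()
	if err != nil {
		return "", err
	}
	s.paths[id] = full
	return id, nil
}

// ReadContent reads by content ID only; an unknown ID is an error, not a path.
func (s *ContentStore) ReadContent(id string) ([]byte, error) {
	full, ok := s.paths[id]
	if !ok {
		return nil, fmt.Errorf("unknown content id %q", id)
	}
	return os.ReadFile(full)
}

func newID() (string, error) {
	b := make([]byte, 16)
	if _, err := rand.Read(b); err != nil {
		return "", err
	}
	return hex.EncodeToString(b), nil
}

func main() {
	// Constructed demo: a temporary content root with one legitimate file.
	root, _ := os.MkdirTemp("", "webcontent")
	defer os.RemoveAll(root)
	_ = os.WriteFile(filepath.Join(root, "index.html"), []byte("<h1>ok</h1>"), 0o600)
	store := NewContentStore(root)
	for _, p := range []string{"index.html", "../../../etc/hosts", "/etc/hosts", "a/../../x", "..\\..\\etc\\hosts"} {
		id, err := store.AddContent(p)
		if err != nil {
			fmt.Printf("%-25q rejected: %v\n", p, err)
			continue
		}
		data, _ := store.ReadContent(id)
		fmt.Printf("%-25q stored as %s, read %d bytes\n", p, id, len(data))
	}
}
```

The check runs once, when the path is persisted, which is the point the advisory identifies as the missing control; the later read takes only an ID, so a value that was never validated cannot reach os.ReadFile. Note that filepath.Clean and filepath.Rel do not resolve symbolic links; if the content root may contain operator-writable symlinks, run filepath.EvalSymlinks on the joined path and repeat the containment check on the result.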

Exploit · Fix · Path traversal


Related Identifiers

CVE-2026-25760
GHSA-2286-HXV5-CMP2
GO-2026-4445
SUSE-SU-2026:0757-1

Affected Products

Sliver