How serious is CVE-2026-29781?

This vulnerability has a CVSS score of 5.3 out of 10, classified as MEDIUM severity. Proof-of-concept exploit code is publicly available, making this an active threat.

Is there exploit code available for CVE-2026-29781?

Yes, proof-of-concept exploit code for CVE-2026-29781 is publicly available on GitHub and security research platforms. This increases the risk of active exploitation.

Which products are affected by CVE-2026-29781?

CVE-2026-29781 affects bishopfox sliver. Check the full CVE details for specific version information.

How do I fix CVE-2026-29781?

To remediate CVE-2026-29781, check for security patches from bishopfox. Apply all available updates and security patches. If no patch is available, implement recommended workarounds or security controls to mitigate the risk.

CVE-2026-29781

Medium

|5.3

Exploit Available

Plain English Summary

AI-powered analysis for quick understanding

This vulnerability allows an attacker with valid implant credentials to crash the Sliver command and control server, effectively shutting down all active sessions across the entire system. The attacker needs to have already gained access to the system, as this flaw requires them to be authenticated before they can exploit it.

Technical Description

Sliver is a command and control framework that uses a custom Wireguard netstack. In versions from 1.7.3 and prior, a vulnerability exists in the Sliver C2 server's Protobuf unmarshalling logic due to a systemic lack of nil-pointer validation. By extracting valid implant credentials and omitting nested fields in a signed message, an authenticated actor can trigger an unhandled runtime panic. Because the mTLS, WireGuard, and DNS transport layers lack the panic recovery middleware present in the HTTP transport, this results in a global process termination. While requiring post-authentication access (a captured implant), this flaw effectively acts as an infrastructure "kill-switch," instantly severing all active sessions across the entire fleet and requiring a manual server restart to restore operations. At time of publication, there are no publicly available patches.

CVSS Vector Analysis

Attack VectorNetwork

Attack ComplexityLow

Privileges RequiredLow

User InteractionNone

Confidentiality ImpactHigh

Integrity ImpactHigh

Availability ImpactHigh

ScopeChanged

Vector String

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Exploit Resources

Search for proof-of-concept code and exploit modules

GitHub Search Exploit-DB Nuclei Templates Metasploit Vulners

Official References

NIST NVD

Est. Bounty

$724($500-$1K)

Vendor Response

Grade APatched in 4 days

Quick Information

Published

Mar 7, 2026

about 1 month ago

Last Modified

Mar 11, 2026

27 days ago

Vendor

bishopfox

Product

sliver