CVE-2026-34227: Sliver One-Click Remote Access: Insecure CORS & Unauthenticated MCP Interface

March 31, 2026

A single click on a malicious link gives an unauthenticated attacker immediate, silent control over every active C2 session or beacon, capable of exfiltrating all collected target data (e.g. SSH keys, ntds.dit) or destroying the entire compromised infrastructure, entirely through the operator’s own browser.

References

github.com/BishopFox/sliver
github.com/BishopFox/sliver/security/advisories/GHSA-6fpf-248c-m7wm
github.com/advisories/GHSA-6fpf-248c-m7wm
nvd.nist.gov/vuln/detail/CVE-2026-34227

Code Behaviors & Features

Detect and mitigate CVE-2026-34227 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →