Is there a patch available for EUVD-2026-17490?

Yes, a patch is available for EUVD-2026-17490. Update the affected software to the latest version immediately.

Sliver EUVD-2026-17490

Q: What is the CVSS score of EUVD-2026-17490?

EUVD-2026-17490 has a CVSS 4.0 base score of 5.9 (Medium). CVSS vector: CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:H/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X. EPSS exploitation probability: 0.0%.

| CVE-2026-34227 MEDIUM

Missing Authentication for Critical Function (CWE-306)

2026-03-31 GitHub_M

GHSA-6fpf-248c-m7wm

Authentication Bypass Sliver

5.9

CVSS 4.0 · GitHub Advisory

Severity by source

GitHub Advisory PRIMARY

5.9 MEDIUM

CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:H/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Primary rating from GitHub Advisory · only source for this CVE.

CVSS VectorGitHub Advisory

CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:H/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

Scope

Lifecycle Timeline

Patch released

Apr 01, 2026 - 02:30 nvd

Patch available

EUVD ID Assigned

Mar 31, 2026 - 16:00 euvd

EUVD-2026-17490

Analysis Generated

Mar 31, 2026 - 16:00 vuln.today

CVE Published

Mar 31, 2026 - 15:25 nvd

MEDIUM 5.9

DescriptionGitHub Advisory

Sliver is a command and control framework that uses a custom Wireguard netstack. Prior to version 1.7.4, a single click on a malicious link gives an unauthenticated attacker immediate, silent control over every active C2 session or beacon, capable of exfiltrating all collected target data (e.g. SSH keys, ntds.dit) or destroying the entire compromised infrastructure, entirely through the operator's own browser. This issue has been patched in version 1.7.4.

AnalysisAI

Unauthenticated attackers can hijack all active Sliver C2 sessions and beacons through a single malicious link clicked by an operator, gaining immediate silent control to exfiltrate collected intelligence or destroy compromised infrastructure, prior to version 1.7.4. The vulnerability exploits browser-based interaction with the custom Wireguard netstack, bypassing authentication entirely via a user-interaction attack vector. …

Unlock full vulnerability intelligence

Risk assessment & exploitation conditions
Attack chain visualization
Remediation with exact patch versions
Threat intelligence from 22 sources
Personal watchlist & email alerts

Continue with Google Continue with GitHub

Free forever · No credit card required

Vulnerability AssessmentAI

Risk Assessment	This vulnerability presents severe real-world risk despite a moderate CVSS score of 5.9. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario	An attacker crafts a malicious link embedding a Sliver API payload and sends it via email or social engineering to a red team operator known to use Sliver. When the operator clicks the link while their Sliver web interface or API client is active and authenticated, the attack silently hijacks all active C2 sessions under that operator's control. …
Remediation	Upgrade Sliver immediately to version 1.7.4 or later, which patches the authentication check vulnerability. … Detailed patch versions, workarounds, and compensating controls in full report.

Threat intelligence, references, and detailed analysis are available after sign-in.

EUVD-2026-17490 vulnerability details – vuln.today

Back