{ "document": { "category": "csaf_base", "csaf_version": "2.0", "distribution": { "tlp": { "label": "WHITE" } }, "lang": "en", "notes": [ { "category": "legal_disclaimer", "text": "The Netherlands Cyber Security Center (henceforth: NCSC-NL) maintains this portal to enhance access to its information and vulnerabilities. The use of this information is subject to the following terms and conditions:\n\nThe vulnerabilities disclosed in this portal are gathered by NCSC-NL from a variety of open sources, which the user can retrieve from other platforms. NCSC-NL makes every reasonable effort to ensure that the content of this portal is kept up to date, and that it is accurate and complete. Nevertheless, NCSC-NL cannot entirely rule out the possibility of errors, and therefore cannot give any warranty in respect of its completeness, accuracy or real-time keeping up-to-date. NCSC-NL does not control nor guarantee the accuracy, relevance, timeliness or completeness of information obtained from these external sources. The vulnerabilities disclosed in this portal are intended solely for the convenience of professional parties to take appropriate measures to manage the risks posed to the cybersecurity. No rights can be derived from the information provided therein.\n\nNCSC-NL and the Kingdom of the Netherlands assume no legal liability or responsibility for any damage resulting from either the use or inability of use of the vulnerabilities disclosed in this portal. This includes damage resulting from the inaccuracy of incompleteness of the information contained in it.\nThe information on this page is subject to Dutch law. All disputes related to or arising from the use of this portal regarding the disclosure of vulnerabilities will be submitted to the competent court in The Hague. This choice of means also applies to the court in summary proceedings." } ], "publisher": { "category": "coordinator", "contact_details": "cert@ncsc.nl", "name": "National Cyber Security Centre", "namespace": "https://www.ncsc.nl/" }, "title": "CVE-2026-34227", "tracking": { "current_release_date": "2026-04-03T15:26:02.651701Z", "generator": { "date": "2026-02-17T15:00:00Z", "engine": { "name": "V.E.L.M.A", "version": "1.7" } }, "id": "CVE-2026-34227", "initial_release_date": "2026-03-31T16:25:49.476817Z", "revision_history": [ { "date": "2026-03-31T16:25:49.476817Z", "number": "1", "summary": "CVE created.| Source created.| CVE status created. (valid)| Description created for source.| CVSS created.| References created (1).| CWES updated (1)." }, { "date": "2026-03-31T16:25:51.259322Z", "number": "2", "summary": "NCSC Score created." }, { "date": "2026-03-31T16:39:32.061488Z", "number": "3", "summary": "Source created.| CVE status created. (valid)| Description created for source.| CVSS created.| Products created (1).| References created (1).| CWES updated (1)." }, { "date": "2026-03-31T16:39:41.224074Z", "number": "4", "summary": "NCSC Score updated." }, { "date": "2026-03-31T23:58:24.845929Z", "number": "5", "summary": "Source created.| CVE status created. (valid)| Description created for source.| CVSS created.| References created (3).| CWES updated (1)." }, { "date": "2026-03-31T23:58:26.811758Z", "number": "6", "summary": "NCSC Score updated." }, { "date": "2026-04-01T14:39:46.688251Z", "number": "7", "summary": "Unknown change." }, { "date": "2026-04-01T14:39:48.364287Z", "number": "8", "summary": "NCSC Score updated." }, { "date": "2026-04-01T15:13:01.349964Z", "number": "9", "summary": "Source connected.| CVE status created. (valid)| EPSS created." }, { "date": "2026-04-01T15:13:04.509377Z", "number": "10", "summary": "NCSC Score updated." }, { "date": "2026-04-03T15:25:21.234698Z", "number": "11", "summary": "CVSS created.| Products created (1).| Product Identifiers created (1).| Exploits created (1)." }, { "date": "2026-04-03T15:25:23.111894Z", "number": "12", "summary": "NCSC Score updated." } ], "status": "interim", "version": "12" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_version_range", "name": "vers:unknown/<1.7.4", "product": { "name": "vers:unknown/<1.7.4", "product_id": "CSAFPID-5992139", "product_identification_helper": { "cpe": "cpe:2.3:a:bishopfox:sliver:*:*:*:*:*:*:*:*" } } } ], "category": "product_name", "name": "sliver" } ], "category": "vendor", "name": "Bishop Fox" }, { "branches": [ { "branches": [ { "category": "product_version_range", "name": "vers:unknown/<1.7.4", "product": { "name": "vers:unknown/<1.7.4", "product_id": "CSAFPID-5969086" } } ], "category": "product_name", "name": "sliver" } ], "category": "vendor", "name": "BishopFox" } ] }, "vulnerabilities": [ { "cve": "CVE-2026-34227", "cwe": { "id": "CWE-306", "name": "Missing Authentication for Critical Function" }, "notes": [ { "category": "description", "text": "Sliver is a command and control framework that uses a custom Wireguard netstack. Prior to version 1.7.4, a single click on a malicious link gives an unauthenticated attacker immediate, silent control over every active C2 session or beacon, capable of exfiltrating all collected target data (e.g. SSH keys, ntds.dit) or destroying the entire compromised infrastructure, entirely through the operator's own browser. This issue has been patched in version 1.7.4.", "title": "nvd - https://services.nvd.nist.gov/rest/json/cves/2.0?cveId=CVE-2026-34227" }, { "category": "description", "text": "Sliver is a command and control framework that uses a custom Wireguard netstack. Prior to version 1.7.4, a single click on a malicious link gives an unauthenticated attacker immediate, silent control over every active C2 session or beacon, capable of exfiltrating all collected target data (e.g. SSH keys, ntds.dit) or destroying the entire compromised infrastructure, entirely through the operator's own browser. This issue has been patched in version 1.7.4.", "title": "cveprojectv5 - https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2026/34xxx/CVE-2026-34227.json" }, { "category": "description", "text": "A single click on a malicious link gives an unauthenticated attacker immediate, silent control over every active C2 session or beacon, capable of exfiltrating all collected target data (e.g. SSH keys, `ntds.dit`) or destroying the entire compromised infrastructure, entirely through the operator's own browser.\n\n## Description\nThe Sliver MCP server runs inside the Sliver Client and binds an unauthenticated HTTP and SSE interface to `localhost:8080` by default. The service returns a permissive `Access-Control-Allow-Origin: *` header on all responses.\n\nBecause this server is client-side, the attack surface is distributed across every individual operator in the operation. Any arbitrary website can issue cross-origin requests and interact with the MCP interface via an operator's browser, no credentials required.\n\nIf the interface is misconfigured to bind to all interfaces (`0.0.0.0`), the vulnerability escalates from a client-side CSRF/CORS issue to direct, unauthenticated remote access from any actor on the network.\n\n\n## Exposed Methods\nExploitation grants unauthorized access to the following MCP tools:\n- `list_sessions_and_beacons`\n- `fs_ls`, `fs_pwd`, `fs_cd`\n- `fs_cat`\n- `fs_rm`, `fs_mv`, `fs_cp`, `fs_mkdir`\n- `fs_chmod`, `fs_chown`\n\n## PoC \n1. Start the Sliver client with MCP enabled (default `localhost:8080`)\n2. Open a browser and load a page containing the [Proof of Concept JavaScript](https://github.com/skoveit/CVE-2026-34227).\n3. Observe that the page successfully lists sessions and can issue filesystem commands against live implants, with no authentication\n\n## Impact Assessment\nSuccessful exploitation results in total operational compromise.\n- **Direct Infrastructure Exposure:** If misconfigured to `0.0.0.0`, the C2 framework becomes fully accessible to any actor on the network or internet without requiring operator interaction.\n- **Information Leakage:** Complete visibility into active sessions, deployed beacons, and file system structures (`list_sessions_and_beacons`, `fs_ls`, `fs_pwd`).\n- **Arbitrary File Read:** Covert exfiltration of any target data (e.g., SSH keys, `ntds.dit`) through the C2 channel (`fs_cat`).\n- **Integrity & Availability Loss:** Arbitrary deletion or modification of files on compromised targets, leading to potential sabotage or denial of service (`fs_rm`, `fs_mv`, `fs_cp`).\n\n**Severity: Critical**\n\n\n\n## Attack Scenarios\n**Scenario 1: Data Exfiltration via Drive-by Execution (Default Localhost)** An operator clicks a link to a benign-looking site hosting malicious JavaScript (e.g. via open redirect). The script executes commands against `localhost:8080`, retrieves the operator's target list, and silently downloads sensitive files (e.g., a target's `ntds.dit`) using the operator's existing C2 connections.\n\n **Scenario 2: Campaign Neutralization (Default Localhost)** A malicious site lures an operator to a controlled domain. Embedded JavaScript immediately issues `fs_rm` commands across all active implants, mass-deleting beacons and permanently severing operator access to the target network in a single click.\n\n **Scenario 3: Direct Takeover (0.0.0.0 Misconfiguration)** An operator configures the MCP interface to listen on `0.0.0.0` for team access. An external attacker scans the network, discovers the exposed port, and directly issues unauthenticated API calls to hijack active sessions, drop connections, or exfiltrate data.\n \n \n## Technical Root Cause\nThe vulnerability stems from an insecure integration with the `mcp-go` library. While the library hardcodes permissive CORS (`Access-Control-Allow-Origin: *`), it also fails to validate the `Content-Type` header. This allows an attacker to use Simple Requests (e.g., `text/plain`) to bypass the browser's CORS preflight (`OPTIONS`) check entirely, making the attack highly reliable across all modern browsers without any additional techniques.\n\nFurthermore, the Sliver implementation fails to implement any authentication middleware or origin restrictions to protect the sensitive RPC interface, meaning even if the CORS behavior were corrected upstream in `mcp-go`, the endpoint would remain fully unauthenticated.\n\n\n---\n\n ## Demo\n \nhttps://github.com/user-attachments/assets/b18216c2-2c0b-41a2-aa39-229b3f148c24", "title": "github - https://api.github.com/advisories/GHSA-6fpf-248c-m7wm" }, { "category": "other", "text": "0.00017", "title": "EPSS" }, { "category": "other", "text": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:H/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "title": "CVSSV4" }, { "category": "other", "text": "5.9", "title": "CVSSV4 base score" }, { "category": "other", "text": "3.6", "title": "NCSC Score" }, { "category": "other", "text": "There is exploit data available from source Nvd, Exploit code publicly available, Is related to (a version of) an uncommon product", "title": "NCSC Score top decreasing factors" } ], "product_status": { "known_affected": [ "CSAFPID-5969086", "CSAFPID-5992139" ] }, "references": [ { "category": "external", "summary": "Source - nvd", "url": "https://services.nvd.nist.gov/rest/json/cves/2.0?cveId=CVE-2026-34227" }, { "category": "external", "summary": "Source - cveprojectv5", "url": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2026/34xxx/CVE-2026-34227.json" }, { "category": "external", "summary": "Source - github", "url": "https://api.github.com/advisories/GHSA-6fpf-248c-m7wm" }, { "category": "external", "summary": "Source - first", "url": "https://api.first.org/data/v1/epss?limit=10000&offset=0" }, { "category": "external", "summary": "Reference - cveprojectv5; github; nvd", "url": "https://github.com/BishopFox/sliver/security/advisories/GHSA-6fpf-248c-m7wm" }, { "category": "external", "summary": "Reference - github", "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-34227" }, { "category": "external", "summary": "Reference - github", "url": "https://github.com/advisories/GHSA-6fpf-248c-m7wm" } ], "scores": [ { "cvss_v3": { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "baseScore": 8.8, "baseSeverity": "HIGH" }, "products": [ "CSAFPID-5969086", "CSAFPID-5992139" ] } ], "title": "CVE-2026-34227" } ] }