CNNVD-202602-938 Information
CNNVD ID
CNNVD-202602-938
Related CVE
-
CNNVD Published: 2026-02-06
Description
Sliver is an open-source, cross-platform adversary emulation/red team framework from Bishop Fox. It can be used by organizations of all sizes to perform security testing. Versions of Sliver before 1.6.11 contain a path traversal vulnerability that stems from path traversal in the website content subsystem and may allow an authenticated operator to read arbitrary files on the server host.
Hazard Level
High
Vulnerability Type
Path traversal
Affected Vendor
Bishop Fox
Published
2026-02-06
Last Modified
2026-02-24
References
https://github.com/BishopFox/sliver/commit/818127349ccec812876693c4ca74ebf4350ec6b7
https://github.com/BishopFox/sliver/security/advisories/GHSA-2286-hxv5-cmp2
https://access.redhat.com/security/cve/cve-2026-25760
Patch
https://github.com/BishopFox/sliver/releases