
    22 vulnerabilities by NousResearch

    CVE-2026-53870 (GCVE-0-2026-53870)

    Vulnerability from cvelistv5 – Published: 2026-06-17 17:57 – Updated: 2026-06-17 18:39 X_Open Source
    VLAI
    Title
    Hermes Agent < 0.16.0 - Sensitive File Permission Vulnerability in Store Files
    Summary
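    Hermes Agent before 0.16.0 creates response_store.db and webhook_subscriptions.json with world-readable permissions (mode 0o644), exposing conversation history and HMAC secrets to local users. Attackers with local filesystem access can read these files directly to obtain sensitive data including conversation history, tool payloads, prompts, and per-route HMAC secrets. Note: this record does not say whether upgrading tightens the mode of files that already exist, so check the permissions of existing store files after upgrading and rotate the per-route HMAC secrets if other local users could have read them. The fixed version is given as 0.16.0 while the referenced release tag is v2026.6.5, so compare your installed version against both numbering schemes.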
    SSVC
    Exploitation: poc Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-276 - Incorrect Default Permissions
    Assigner
    Impacted products
    Vendor Product Version
    NousResearch hermes-agent Affected: 0 , < 0.16.0 (semver)
    Unaffected: 0.16.0 (semver)
    Date Public
    2026-05-24 00:00
    Credits
    Chia Min Jun Lennon

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-53870",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-06-17T18:39:20.486749Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-06-17T18:39:35.273Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "references": [
              {
                "tags": [
                  "exploit"
                ],
                "url": "https://github.com/NousResearch/hermes-agent/pull/30917"
              }
            ],
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "packageURL": "pkg:npm/hermes-agent",
              "product": "hermes-agent",
              "repo": "https://github.com/NousResearch/hermes-agent",
              "vendor": "NousResearch",
              "versions": [
                {
                  "lessThan": "0.16.0",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                },
                {
                  "status": "unaffected",
                  "version": "0.16.0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Chia Min Jun Lennon"
            }
          ],
          "datePublic": "2026-05-24T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Hermes Agent before 0.16.0 creates response_store.db and webhook_subscriptions.json with world-readable permissions (mode 0o644), exposing conversation history and HMAC secrets to local users. Attackers with local filesystem access can read these files directly to obtain sensitive data including conversation history, tool payloads, prompts, and per-route HMAC secrets."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "LOCAL",
                "baseScore": 6.8,
                "baseSeverity": "MEDIUM",
                "exploitMaturity": "NOT_DEFINED",
                "privilegesRequired": "LOW",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "NONE",
                "vulnConfidentialityImpact": "HIGH",
                "vulnIntegrityImpact": "NONE",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            },
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "NONE",
                "baseScore": 5.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-276",
                  "description": "Incorrect Default Permissions",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-17T17:57:58.314Z",
            "orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
            "shortName": "VulnCheck"
          },
          "references": [
            {
              "name": "Release Notes",
              "tags": [
                "release-notes"
              ],
              "url": "https://github.com/NousResearch/hermes-agent/releases/tag/v2026.6.5"
            },
            {
              "name": "Researcher Pull Request",
              "tags": [
                "issue-tracking"
              ],
              "url": "https://github.com/NousResearch/hermes-agent/pull/30917"
            },
            {
              "name": "Maintainer Pull Request",
              "tags": [
                "issue-tracking"
              ],
              "url": "https://github.com/NousResearch/hermes-agent/pull/31469"
            },
            {
              "name": "Patch Commit",
              "tags": [
                "patch"
              ],
              "url": "https://github.com/NousResearch/hermes-agent/commit/3bace071bfadf2d2bec2ee048471a31ec920e3e8"
            },
            {
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://www.vulncheck.com/advisories/hermes-agent-sensitive-file-permission-vulnerability-in-store-files"
            }
          ],
          "tags": [
            "x_open-source"
          ],
          "title": "Hermes Agent \u003c 0.16.0 - Sensitive File Permission Vulnerability in Store Files",
          "x_generator": {
            "engine": "vulncheck"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
        "assignerShortName": "VulnCheck",
        "cveId": "CVE-2026-53870",
        "datePublished": "2026-06-17T17:57:58.314Z",
        "dateReserved": "2026-06-10T21:23:54.283Z",
        "dateUpdated": "2026-06-17T18:39:35.273Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-53869 (GCVE-0-2026-53869)

    Vulnerability from cvelistv5 – Published: 2026-06-17 17:57 – Updated: 2026-06-18 15:29 X_Open Source
    VLAI
    Title
    Hermes Agent < 0.16.0 - DNS Rebinding Bypass via WebSocket Endpoints
    Summary
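    Hermes Agent before 0.16.0 contains a DNS rebinding vulnerability in WebSocket endpoints that allows remote attackers to bypass Host and Origin validation. FastAPI HTTP middleware does not execute for WebSocket upgrade requests on /api/pty, /api/ws, /api/pub, and /api/events endpoints, enabling attackers to exploit DNS rebinding and inject malicious commands or read terminal output. Note: the CVSS vectors in this record score availability impact only (VA:H in 4.0, A:H in 3.1, with confidentiality and integrity NONE), which does not match the command-injection and terminal-read impact described here, so triage on the description rather than on the base score alone. The record also lists the package as pkg:npm/hermes-agent although the affected component is described as a FastAPI service, so purl-based inventory matching may miss it.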
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-306 - Missing Authentication for Critical Function
    Assigner
    Impacted products
    Vendor Product Version
    NousResearch hermes-agent Affected: 0 , < 0.16.0 (semver)
    Unaffected: 0.16.0 (semver)
    Date Public
    2026-05-24 00:00
    Credits
    Chia Min Jun Lennon

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-53869",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-06-18T15:28:51.075482Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-06-18T15:29:39.022Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "packageURL": "pkg:npm/hermes-agent",
              "product": "hermes-agent",
              "repo": "https://github.com/NousResearch/hermes-agent",
              "vendor": "NousResearch",
              "versions": [
                {
                  "lessThan": "0.16.0",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                },
                {
                  "status": "unaffected",
                  "version": "0.16.0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Chia Min Jun Lennon"
            }
          ],
          "datePublic": "2026-05-24T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Hermes Agent before 0.16.0 contains a DNS rebinding vulnerability in WebSocket endpoints that allows remote attackers to bypass Host and Origin validation. FastAPI HTTP middleware does not execute for WebSocket upgrade requests on /api/pty, /api/ws, /api/pub, and /api/events endpoints, enabling attackers to exploit DNS rebinding and inject malicious commands or read terminal output."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "NETWORK",
                "baseScore": 8.7,
                "baseSeverity": "HIGH",
                "exploitMaturity": "NOT_DEFINED",
                "privilegesRequired": "NONE",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "HIGH",
                "vulnConfidentialityImpact": "NONE",
                "vulnIntegrityImpact": "NONE",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            },
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-306",
                  "description": "Missing Authentication for Critical Function",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-17T17:57:30.978Z",
            "orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
            "shortName": "VulnCheck"
          },
          "references": [
            {
              "name": "Release Notes",
              "tags": [
                "release-notes"
              ],
              "url": "https://github.com/NousResearch/hermes-agent/releases/tag/v2026.6.5"
            },
            {
              "name": "Researcher Pull Request",
              "tags": [
                "issue-tracking"
              ],
              "url": "https://github.com/NousResearch/hermes-agent/pull/30221"
            },
            {
              "name": "Maintainer Pull Request",
              "tags": [
                "issue-tracking"
              ],
              "url": "https://github.com/NousResearch/hermes-agent/pull/31685"
            },
            {
              "name": "Patch Commit",
              "tags": [
                "patch"
              ],
              "url": "https://github.com/NousResearch/hermes-agent/commit/d9ec90585cf7616b5972e44cf8d92bb569fc3feb"
            },
            {
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://www.vulncheck.com/advisories/hermes-agent-dns-rebinding-bypass-via-websocket-endpoints"
            }
          ],
          "tags": [
            "x_open-source"
          ],
          "title": "Hermes Agent \u003c 0.16.0 - DNS Rebinding Bypass via WebSocket Endpoints",
          "x_generator": {
            "engine": "vulncheck"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
        "assignerShortName": "VulnCheck",
        "cveId": "CVE-2026-53869",
        "datePublished": "2026-06-17T17:57:30.978Z",
        "dateReserved": "2026-06-10T21:23:54.283Z",
        "dateUpdated": "2026-06-18T15:29:39.022Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-11461 (GCVE-0-2026-11461)

    Vulnerability from cvelistv5 – Published: 2026-06-07 21:45 – Updated: 2026-06-09 14:48
    VLAI
    Title
    NousResearch hermes-agent resume Endpoint hermes_state.py resolve_session_by_title authorization
    Summary
    A vulnerability has been found in NousResearch hermes-agent up to 0.12.0. This affects the function resolve_session_by_title of the file hermes_state.py of the component resume Endpoint. Such manipulation of the argument Title leads to authorization bypass. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    Impacted products
    Vendor Product Version
    NousResearch hermes-agent Affected: 0.1
    Affected: 0.2
    Affected: 0.3
    Affected: 0.4
    Affected: 0.5
    Affected: 0.6
    Affected: 0.7
    Affected: 0.8
    Affected: 0.9
    Affected: 0.10
    Affected: 0.11
    Affected: 0.12.0
        cpe:2.3:a:nousresearch:hermes-agent:*:*:*:*:*:*:*:*
    Credits
    Eric-b (VulDB User) VulDB CNA Team

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-11461",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-06-09T14:48:20.842250Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-06-09T14:48:38.386Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "references": [
              {
                "tags": [
                  "exploit"
                ],
                "url": "https://vuldb.com/submit/829402"
              },
              {
                "tags": [
                  "exploit"
                ],
                "url": "https://gist.github.com/YLChen-007/7951b3dc39193fb675914cc5d8b672fa"
              }
            ],
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "cpes": [
                "cpe:2.3:a:nousresearch:hermes-agent:*:*:*:*:*:*:*:*"
              ],
              "modules": [
                "resume Endpoint"
              ],
              "product": "hermes-agent",
              "vendor": "NousResearch",
              "versions": [
                {
                  "status": "affected",
                  "version": "0.1"
                },
                {
                  "status": "affected",
                  "version": "0.2"
                },
                {
                  "status": "affected",
                  "version": "0.3"
                },
                {
                  "status": "affected",
                  "version": "0.4"
                },
                {
                  "status": "affected",
                  "version": "0.5"
                },
                {
                  "status": "affected",
                  "version": "0.6"
                },
                {
                  "status": "affected",
                  "version": "0.7"
                },
                {
                  "status": "affected",
                  "version": "0.8"
                },
                {
                  "status": "affected",
                  "version": "0.9"
                },
                {
                  "status": "affected",
                  "version": "0.10"
                },
                {
                  "status": "affected",
                  "version": "0.11"
                },
                {
                  "status": "affected",
                  "version": "0.12.0"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "value": "Eric-b (VulDB User)"
            },
            {
              "lang": "en",
              "type": "coordinator",
              "value": "VulDB CNA Team"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability has been found in NousResearch hermes-agent up to 0.12.0. This affects the function resolve_session_by_title of the file hermes_state.py of the component resume Endpoint. Such manipulation of the argument Title leads to authorization bypass. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "baseScore": 5.3,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P",
                "version": "4.0"
              }
            },
            {
              "cvssV3_1": {
                "baseScore": 6.3,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
                "version": "3.1"
              }
            },
            {
              "cvssV3_0": {
                "baseScore": 6.3,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
                "version": "3.0"
              }
            },
            {
              "cvssV2_0": {
                "baseScore": 6.5,
                "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P/E:POC/RL:ND/RC:UR",
                "version": "2.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-639",
                  "description": "Authorization Bypass",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            },
            {
              "descriptions": [
                {
                  "cweId": "CWE-285",
                  "description": "Improper Authorization",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-07T21:45:09.216Z",
            "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
            "shortName": "VulDB"
          },
          "references": [
            {
              "name": "VDB-369081 | NousResearch hermes-agent resume Endpoint hermes_state.py resolve_session_by_title authorization",
              "tags": [
                "vdb-entry",
                "technical-description"
              ],
              "url": "https://vuldb.com/vuln/369081"
            },
            {
              "name": "VDB-369081 | CTI Indicators (IOB, IOC, IOA)",
              "tags": [
                "signature",
                "permissions-required"
              ],
              "url": "https://vuldb.com/vuln/369081/cti"
            },
            {
              "name": "CVE-2026-11461 | CVE Analysis and Report",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/cve/CVE-2026-11461"
            },
            {
              "name": "Submit #829402 | NousResearch hermes-agent \u003c= v0.12.0 Authorization Bypass Through User-Controlled Key (CWE-639)",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/submit/829402"
            },
            {
              "tags": [
                "related"
              ],
              "url": "https://gist.github.com/YLChen-007/7951b3dc39193fb675914cc5d8b672fa"
            },
            {
              "tags": [
                "exploit"
              ],
              "url": "https://gist.github.com/YLChen-007/c2d162e9c8d39584223683cdcba98607"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2026-06-07T00:00:00.000Z",
              "value": "Advisory disclosed"
            },
            {
              "lang": "en",
              "time": "2026-06-07T02:00:00.000Z",
              "value": "VulDB entry created"
            },
            {
              "lang": "en",
              "time": "2026-06-07T09:33:10.000Z",
              "value": "VulDB entry last update"
            }
          ],
          "title": "NousResearch hermes-agent resume Endpoint hermes_state.py resolve_session_by_title authorization"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "assignerShortName": "VulDB",
        "cveId": "CVE-2026-11461",
        "datePublished": "2026-06-07T21:45:09.216Z",
        "dateReserved": "2026-06-07T07:28:06.447Z",
        "dateUpdated": "2026-06-09T14:48:38.386Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-10548 (GCVE-0-2026-10548)

    Vulnerability from cvelistv5 – Published: 2026-06-02 00:30 – Updated: 2026-06-03 13:53
    VLAI
    Title
    NousResearch hermes-agent Credential Pool Synchronization credential_pool.py _sync_anthropic_entry_from_credentials_file improper authentication
    Summary
    A security flaw has been discovered in NousResearch hermes-agent up to 2026.4.23. This affects the function _sync_anthropic_entry_from_credentials_file of the file agent/credential_pool.py of the component Credential Pool Synchronization. The manipulation results in improper authentication. The attack must be initiated from a local position. The exploit has been released to the public and may be used for attacks. The vendor was contacted early about this disclosure but did not respond in any way.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-287 - Improper Authentication
    Assigner
    References
    URL Tags
    https://vuldb.com/vuln/367645 vdb-entry, technical-description
    https://vuldb.com/vuln/367645/cti signature, permissions-required
    https://vuldb.com/cve/CVE-2026-10548 third-party-advisory
    https://vuldb.com/submit/822026 third-party-advisory
    https://gist.github.com/YLChen-007/caf38652afeccb… exploit
    Impacted products
    Vendor Product Version
    NousResearch hermes-agent Affected: 2026.4.0
    Affected: 2026.4.1
    Affected: 2026.4.2
    Affected: 2026.4.3
    Affected: 2026.4.4
    Affected: 2026.4.5
    Affected: 2026.4.6
    Affected: 2026.4.7
    Affected: 2026.4.8
    Affected: 2026.4.9
    Affected: 2026.4.10
    Affected: 2026.4.11
    Affected: 2026.4.12
    Affected: 2026.4.13
    Affected: 2026.4.14
    Affected: 2026.4.15
    Affected: 2026.4.16
    Affected: 2026.4.17
    Affected: 2026.4.18
    Affected: 2026.4.19
    Affected: 2026.4.20
    Affected: 2026.4.21
    Affected: 2026.4.22
    Affected: 2026.4.23
        cpe:2.3:a:nousresearch:hermes-agent:*:*:*:*:*:*:*:*
    Credits
    Eric-j (VulDB User) VulDB CNA Team

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-10548",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-06-03T13:52:49.345677Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-06-03T13:53:36.907Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "references": [
              {
                "tags": [
                  "exploit"
                ],
                "url": "https://vuldb.com/submit/822026"
              }
            ],
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "cpes": [
                "cpe:2.3:a:nousresearch:hermes-agent:*:*:*:*:*:*:*:*"
              ],
              "modules": [
                "Credential Pool Synchronization"
              ],
              "product": "hermes-agent",
              "vendor": "NousResearch",
              "versions": [
                {
                  "status": "affected",
                  "version": "2026.4.0"
                },
                {
                  "status": "affected",
                  "version": "2026.4.1"
                },
                {
                  "status": "affected",
                  "version": "2026.4.2"
                },
                {
                  "status": "affected",
                  "version": "2026.4.3"
                },
                {
                  "status": "affected",
                  "version": "2026.4.4"
                },
                {
                  "status": "affected",
                  "version": "2026.4.5"
                },
                {
                  "status": "affected",
                  "version": "2026.4.6"
                },
                {
                  "status": "affected",
                  "version": "2026.4.7"
                },
                {
                  "status": "affected",
                  "version": "2026.4.8"
                },
                {
                  "status": "affected",
                  "version": "2026.4.9"
                },
                {
                  "status": "affected",
                  "version": "2026.4.10"
                },
                {
                  "status": "affected",
                  "version": "2026.4.11"
                },
                {
                  "status": "affected",
                  "version": "2026.4.12"
                },
                {
                  "status": "affected",
                  "version": "2026.4.13"
                },
                {
                  "status": "affected",
                  "version": "2026.4.14"
                },
                {
                  "status": "affected",
                  "version": "2026.4.15"
                },
                {
                  "status": "affected",
                  "version": "2026.4.16"
                },
                {
                  "status": "affected",
                  "version": "2026.4.17"
                },
                {
                  "status": "affected",
                  "version": "2026.4.18"
                },
                {
                  "status": "affected",
                  "version": "2026.4.19"
                },
                {
                  "status": "affected",
                  "version": "2026.4.20"
                },
                {
                  "status": "affected",
                  "version": "2026.4.21"
                },
                {
                  "status": "affected",
                  "version": "2026.4.22"
                },
                {
                  "status": "affected",
                  "version": "2026.4.23"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "value": "Eric-j (VulDB User)"
            },
            {
              "lang": "en",
              "type": "coordinator",
              "value": "VulDB CNA Team"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A security flaw has been discovered in NousResearch hermes-agent up to 2026.4.23. This affects the function _sync_anthropic_entry_from_credentials_file of the file agent/credential_pool.py of the component Credential Pool Synchronization. The manipulation results in improper authentication. The attack must be initiated from a local position. The exploit has been released to the public and may be used for attacks. The vendor was contacted early about this disclosure but did not respond in any way."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "baseScore": 4.8,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P",
                "version": "4.0"
              }
            },
            {
              "cvssV3_1": {
                "baseScore": 5.3,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
                "version": "3.1"
              }
            },
            {
              "cvssV3_0": {
                "baseScore": 5.3,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
                "version": "3.0"
              }
            },
            {
              "cvssV2_0": {
                "baseScore": 4.3,
                "vectorString": "AV:L/AC:L/Au:S/C:P/I:P/A:P/E:POC/RL:ND/RC:UR",
                "version": "2.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-287",
                  "description": "Improper Authentication",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-02T00:30:09.704Z",
            "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
            "shortName": "VulDB"
          },
          "references": [
            {
              "name": "VDB-367645 | NousResearch hermes-agent Credential Pool Synchronization credential_pool.py _sync_anthropic_entry_from_credentials_file improper authentication",
              "tags": [
                "vdb-entry",
                "technical-description"
              ],
              "url": "https://vuldb.com/vuln/367645"
            },
            {
              "name": "VDB-367645 | CTI Indicators (IOB, IOC, IOA)",
              "tags": [
                "signature",
                "permissions-required"
              ],
              "url": "https://vuldb.com/vuln/367645/cti"
            },
            {
              "name": "CVE-2026-10548 | CVE Analysis and Report",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/cve/CVE-2026-10548"
            },
            {
              "name": "Submit #822026 | NousResearch hermes-agent \u003c= v2026.4.23 Improper Authentication (CWE-287)",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/submit/822026"
            },
            {
              "tags": [
                "exploit"
              ],
              "url": "https://gist.github.com/YLChen-007/caf38652afeccbbd53a9d77152b6198d"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2026-06-01T00:00:00.000Z",
              "value": "Advisory disclosed"
            },
            {
              "lang": "en",
              "time": "2026-06-01T02:00:00.000Z",
              "value": "VulDB entry created"
            },
            {
              "lang": "en",
              "time": "2026-06-01T15:33:26.000Z",
              "value": "VulDB entry last update"
            }
          ],
          "title": "NousResearch hermes-agent Credential Pool Synchronization credential_pool.py _sync_anthropic_entry_from_credentials_file improper authentication"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "assignerShortName": "VulDB",
        "cveId": "CVE-2026-10548",
        "datePublished": "2026-06-02T00:30:09.704Z",
        "dateReserved": "2026-06-01T13:28:23.195Z",
        "dateUpdated": "2026-06-03T13:53:36.907Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-10224 (GCVE-0-2026-10224)

    Vulnerability from cvelistv5 – Published: 2026-06-01 04:30 – Updated: 2026-06-01 15:23
    VLAI
    Title
    NousResearch hermes-agent Webhook Endpoint feishu.py _handle_webhook_request resource consumption
    Summary
    A security vulnerability has been detected in NousResearch hermes-agent up to 2026.4.30. This vulnerability affects the function _handle_webhook_request of the file gateway/platforms/feishu.py of the component Webhook Endpoint. Such manipulation leads to resource consumption. The attack can be launched remotely. The exploit has been disclosed publicly and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
    SSVC
    Exploitation: poc Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    URL Tags
    https://vuldb.com/vuln/367503 vdb-entry, technical-description
    https://vuldb.com/vuln/367503/cti signature, permissions-required
    https://vuldb.com/cve/CVE-2026-10224 third-party-advisory
    https://vuldb.com/submit/822022 third-party-advisory
    https://gist.github.com/YLChen-007/0304e313d811f1… exploit
    Impacted products
    Vendor Product Version
    NousResearch hermes-agent Affected: 2026.4.0
    Affected: 2026.4.1
    Affected: 2026.4.2
    Affected: 2026.4.3
    Affected: 2026.4.4
    Affected: 2026.4.5
    Affected: 2026.4.6
    Affected: 2026.4.7
    Affected: 2026.4.8
    Affected: 2026.4.9
    Affected: 2026.4.10
    Affected: 2026.4.11
    Affected: 2026.4.12
    Affected: 2026.4.13
    Affected: 2026.4.14
    Affected: 2026.4.15
    Affected: 2026.4.16
    Affected: 2026.4.17
    Affected: 2026.4.18
    Affected: 2026.4.19
    Affected: 2026.4.20
    Affected: 2026.4.21
    Affected: 2026.4.22
    Affected: 2026.4.23
    Affected: 2026.4.24
    Affected: 2026.4.25
    Affected: 2026.4.26
    Affected: 2026.4.27
    Affected: 2026.4.28
    Affected: 2026.4.29
    Affected: 2026.4.30
        cpe:2.3:a:nousresearch:hermes-agent:*:*:*:*:*:*:*:*
    Credits
    Eric-j (VulDB User) VulDB CNA Team

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-10224",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-06-01T15:17:27.870597Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-06-01T15:23:38.699Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "cpes": [
                "cpe:2.3:a:nousresearch:hermes-agent:*:*:*:*:*:*:*:*"
              ],
              "modules": [
                "Webhook Endpoint"
              ],
              "product": "hermes-agent",
              "vendor": "NousResearch",
              "versions": [
                {
                  "status": "affected",
                  "version": "2026.4.0"
                },
                {
                  "status": "affected",
                  "version": "2026.4.1"
                },
                {
                  "status": "affected",
                  "version": "2026.4.2"
                },
                {
                  "status": "affected",
                  "version": "2026.4.3"
                },
                {
                  "status": "affected",
                  "version": "2026.4.4"
                },
                {
                  "status": "affected",
                  "version": "2026.4.5"
                },
                {
                  "status": "affected",
                  "version": "2026.4.6"
                },
                {
                  "status": "affected",
                  "version": "2026.4.7"
                },
                {
                  "status": "affected",
                  "version": "2026.4.8"
                },
                {
                  "status": "affected",
                  "version": "2026.4.9"
                },
                {
                  "status": "affected",
                  "version": "2026.4.10"
                },
                {
                  "status": "affected",
                  "version": "2026.4.11"
                },
                {
                  "status": "affected",
                  "version": "2026.4.12"
                },
                {
                  "status": "affected",
                  "version": "2026.4.13"
                },
                {
                  "status": "affected",
                  "version": "2026.4.14"
                },
                {
                  "status": "affected",
                  "version": "2026.4.15"
                },
                {
                  "status": "affected",
                  "version": "2026.4.16"
                },
                {
                  "status": "affected",
                  "version": "2026.4.17"
                },
                {
                  "status": "affected",
                  "version": "2026.4.18"
                },
                {
                  "status": "affected",
                  "version": "2026.4.19"
                },
                {
                  "status": "affected",
                  "version": "2026.4.20"
                },
                {
                  "status": "affected",
                  "version": "2026.4.21"
                },
                {
                  "status": "affected",
                  "version": "2026.4.22"
                },
                {
                  "status": "affected",
                  "version": "2026.4.23"
                },
                {
                  "status": "affected",
                  "version": "2026.4.24"
                },
                {
                  "status": "affected",
                  "version": "2026.4.25"
                },
                {
                  "status": "affected",
                  "version": "2026.4.26"
                },
                {
                  "status": "affected",
                  "version": "2026.4.27"
                },
                {
                  "status": "affected",
                  "version": "2026.4.28"
                },
                {
                  "status": "affected",
                  "version": "2026.4.29"
                },
                {
                  "status": "affected",
                  "version": "2026.4.30"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "value": "Eric-j (VulDB User)"
            },
            {
              "lang": "en",
              "type": "coordinator",
              "value": "VulDB CNA Team"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A security vulnerability has been detected in NousResearch hermes-agent up to 2026.4.30. This vulnerability affects the function _handle_webhook_request of the file gateway/platforms/feishu.py of the component Webhook Endpoint. Such manipulation leads to resource consumption. The attack can be launched remotely. The exploit has been disclosed publicly and may be used. The vendor was contacted early about this disclosure but did not respond in any way."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "baseScore": 6.9,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P",
                "version": "4.0"
              }
            },
            {
              "cvssV3_1": {
                "baseScore": 5.3,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:P/RL:X/RC:R",
                "version": "3.1"
              }
            },
            {
              "cvssV3_0": {
                "baseScore": 5.3,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:P/RL:X/RC:R",
                "version": "3.0"
              }
            },
            {
              "cvssV2_0": {
                "baseScore": 5,
                "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P/E:POC/RL:ND/RC:UR",
                "version": "2.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-400",
                  "description": "Resource Consumption",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            },
            {
              "descriptions": [
                {
                  "cweId": "CWE-404",
                  "description": "Denial of Service",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-01T04:30:08.987Z",
            "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
            "shortName": "VulDB"
          },
          "references": [
            {
              "name": "VDB-367503 | NousResearch hermes-agent Webhook Endpoint feishu.py _handle_webhook_request resource consumption",
              "tags": [
                "vdb-entry",
                "technical-description"
              ],
              "url": "https://vuldb.com/vuln/367503"
            },
            {
              "name": "VDB-367503 | CTI Indicators (IOB, IOC, TTP, IOA)",
              "tags": [
                "signature",
                "permissions-required"
              ],
              "url": "https://vuldb.com/vuln/367503/cti"
            },
            {
              "name": "CVE-2026-10224 | CVE Analysis and Report",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/cve/CVE-2026-10224"
            },
            {
              "name": "Submit #822022 | NousResearch hermes-agent \u003c= v2026.4.30 Uncontrolled Resource Consumption (CWE-400)",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/submit/822022"
            },
            {
              "tags": [
                "exploit"
              ],
              "url": "https://gist.github.com/YLChen-007/0304e313d811f187ade93d3b01de0f87"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2026-05-31T00:00:00.000Z",
              "value": "Advisory disclosed"
            },
            {
              "lang": "en",
              "time": "2026-05-31T02:00:00.000Z",
              "value": "VulDB entry created"
            },
            {
              "lang": "en",
              "time": "2026-05-31T09:56:48.000Z",
              "value": "VulDB entry last update"
            }
          ],
          "title": "NousResearch hermes-agent Webhook Endpoint feishu.py _handle_webhook_request resource consumption"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "assignerShortName": "VulDB",
        "cveId": "CVE-2026-10224",
        "datePublished": "2026-06-01T04:30:08.987Z",
        "dateReserved": "2026-05-31T07:51:32.069Z",
        "dateUpdated": "2026-06-01T15:23:38.699Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-10223 (GCVE-0-2026-10223)

    Vulnerability from cvelistv5 – Published: 2026-06-01 04:15 – Updated: 2026-06-01 14:56
    VLAI
    Title
    NousResearch hermes-agent memory_tool.py _scan_memory_content injection
    Summary
    A weakness has been identified in NousResearch hermes-agent up to 2026.4.30. This affects the function _scan_memory_content of the file tools/memory_tool.py. This manipulation causes injection. The attack can be initiated remotely. The exploit has been made available to the public and could be used for attacks. The vendor was contacted early about this disclosure but did not respond in any way.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    URL Tags
    https://vuldb.com/vuln/367502 vdb-entry, technical-description
    https://vuldb.com/vuln/367502/cti signature, permissions-required
    https://vuldb.com/cve/CVE-2026-10223 third-party-advisory
    https://vuldb.com/submit/822021 third-party-advisory
    https://gist.github.com/YLChen-007/a1fb77ad2488c5… exploit
    Impacted products
    Vendor Product Version
    NousResearch hermes-agent Affected: 2026.4.0
    Affected: 2026.4.1
    Affected: 2026.4.2
    Affected: 2026.4.3
    Affected: 2026.4.4
    Affected: 2026.4.5
    Affected: 2026.4.6
    Affected: 2026.4.7
    Affected: 2026.4.8
    Affected: 2026.4.9
    Affected: 2026.4.10
    Affected: 2026.4.11
    Affected: 2026.4.12
    Affected: 2026.4.13
    Affected: 2026.4.14
    Affected: 2026.4.15
    Affected: 2026.4.16
    Affected: 2026.4.17
    Affected: 2026.4.18
    Affected: 2026.4.19
    Affected: 2026.4.20
    Affected: 2026.4.21
    Affected: 2026.4.22
    Affected: 2026.4.23
    Affected: 2026.4.24
    Affected: 2026.4.25
    Affected: 2026.4.26
    Affected: 2026.4.27
    Affected: 2026.4.28
    Affected: 2026.4.29
    Affected: 2026.4.30
        cpe:2.3:a:nousresearch:hermes-agent:*:*:*:*:*:*:*:*
    Credits
    Eric-j (VulDB User) VulDB CNA Team

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-10223",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-06-01T14:56:41.408760Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-06-01T14:56:52.653Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "cpes": [
                "cpe:2.3:a:nousresearch:hermes-agent:*:*:*:*:*:*:*:*"
              ],
              "product": "hermes-agent",
              "vendor": "NousResearch",
              "versions": [
                {
                  "status": "affected",
                  "version": "2026.4.0"
                },
                {
                  "status": "affected",
                  "version": "2026.4.1"
                },
                {
                  "status": "affected",
                  "version": "2026.4.2"
                },
                {
                  "status": "affected",
                  "version": "2026.4.3"
                },
                {
                  "status": "affected",
                  "version": "2026.4.4"
                },
                {
                  "status": "affected",
                  "version": "2026.4.5"
                },
                {
                  "status": "affected",
                  "version": "2026.4.6"
                },
                {
                  "status": "affected",
                  "version": "2026.4.7"
                },
                {
                  "status": "affected",
                  "version": "2026.4.8"
                },
                {
                  "status": "affected",
                  "version": "2026.4.9"
                },
                {
                  "status": "affected",
                  "version": "2026.4.10"
                },
                {
                  "status": "affected",
                  "version": "2026.4.11"
                },
                {
                  "status": "affected",
                  "version": "2026.4.12"
                },
                {
                  "status": "affected",
                  "version": "2026.4.13"
                },
                {
                  "status": "affected",
                  "version": "2026.4.14"
                },
                {
                  "status": "affected",
                  "version": "2026.4.15"
                },
                {
                  "status": "affected",
                  "version": "2026.4.16"
                },
                {
                  "status": "affected",
                  "version": "2026.4.17"
                },
                {
                  "status": "affected",
                  "version": "2026.4.18"
                },
                {
                  "status": "affected",
                  "version": "2026.4.19"
                },
                {
                  "status": "affected",
                  "version": "2026.4.20"
                },
                {
                  "status": "affected",
                  "version": "2026.4.21"
                },
                {
                  "status": "affected",
                  "version": "2026.4.22"
                },
                {
                  "status": "affected",
                  "version": "2026.4.23"
                },
                {
                  "status": "affected",
                  "version": "2026.4.24"
                },
                {
                  "status": "affected",
                  "version": "2026.4.25"
                },
                {
                  "status": "affected",
                  "version": "2026.4.26"
                },
                {
                  "status": "affected",
                  "version": "2026.4.27"
                },
                {
                  "status": "affected",
                  "version": "2026.4.28"
                },
                {
                  "status": "affected",
                  "version": "2026.4.29"
                },
                {
                  "status": "affected",
                  "version": "2026.4.30"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "value": "Eric-j (VulDB User)"
            },
            {
              "lang": "en",
              "type": "coordinator",
              "value": "VulDB CNA Team"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A weakness has been identified in NousResearch hermes-agent up to 2026.4.30. This affects the function _scan_memory_content of the file tools/memory_tool.py. This manipulation causes injection. The attack can be initiated remotely. The exploit has been made available to the public and could be used for attacks. The vendor was contacted early about this disclosure but did not respond in any way."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "baseScore": 5.3,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P",
                "version": "4.0"
              }
            },
            {
              "cvssV3_1": {
                "baseScore": 6.3,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
                "version": "3.1"
              }
            },
            {
              "cvssV3_0": {
                "baseScore": 6.3,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
                "version": "3.0"
              }
            },
            {
              "cvssV2_0": {
                "baseScore": 6.5,
                "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P/E:POC/RL:ND/RC:UR",
                "version": "2.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-74",
                  "description": "Injection",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            },
            {
              "descriptions": [
                {
                  "cweId": "CWE-707",
                  "description": "Improper Neutralization",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-01T04:15:05.930Z",
            "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
            "shortName": "VulDB"
          },
          "references": [
            {
              "name": "VDB-367502 | NousResearch hermes-agent memory_tool.py _scan_memory_content injection",
              "tags": [
                "vdb-entry",
                "technical-description"
              ],
              "url": "https://vuldb.com/vuln/367502"
            },
            {
              "name": "VDB-367502 | CTI Indicators (IOB, IOC, TTP, IOA)",
              "tags": [
                "signature",
                "permissions-required"
              ],
              "url": "https://vuldb.com/vuln/367502/cti"
            },
            {
              "name": "CVE-2026-10223 | CVE Analysis and Report",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/cve/CVE-2026-10223"
            },
            {
              "name": "Submit #822021 | NousResearch hermes-agent \u003c= v2026.4.30 Injection (CWE-74)",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/submit/822021"
            },
            {
              "tags": [
                "exploit"
              ],
              "url": "https://gist.github.com/YLChen-007/a1fb77ad2488c545a35d0f66356ea7b4"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2026-05-31T00:00:00.000Z",
              "value": "Advisory disclosed"
            },
            {
              "lang": "en",
              "time": "2026-05-31T02:00:00.000Z",
              "value": "VulDB entry created"
            },
            {
              "lang": "en",
              "time": "2026-05-31T09:56:45.000Z",
              "value": "VulDB entry last update"
            }
          ],
          "title": "NousResearch hermes-agent memory_tool.py _scan_memory_content injection"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "assignerShortName": "VulDB",
        "cveId": "CVE-2026-10223",
        "datePublished": "2026-06-01T04:15:05.930Z",
        "dateReserved": "2026-05-31T07:51:29.252Z",
        "dateUpdated": "2026-06-01T14:56:52.653Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-10222 (GCVE-0-2026-10222)

    Vulnerability from cvelistv5 – Published: 2026-06-01 04:00 – Updated: 2026-06-01 13:16
    VLAI
    Title
    NousResearch hermes-agent config.py _sanitize_env_lines injection
    Summary
    A security flaw has been discovered in NousResearch hermes-agent up to 2026.4.30. Affected by this issue is the function _sanitize_env_lines of the file hermes_cli/config.py. The manipulation results in injection. It is possible to launch the attack remotely. The attack requires a high level of complexity. The exploitation is known to be difficult. The exploit has been released to the public and may be used for attacks. The vendor was contacted early about this disclosure but did not respond in any way.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-74 - Injection
    • CWE-707 - Improper Neutralization
    Assigner
    References
    URL Tags
    https://vuldb.com/vuln/367501 vdb-entry, technical-description
    https://vuldb.com/vuln/367501/cti signature, permissions-required
    https://vuldb.com/cve/CVE-2026-10222 third-party-advisory
    https://vuldb.com/submit/822020 third-party-advisory
    https://gist.github.com/YLChen-007/7ee2eeaa383b35… exploit
    Impacted products
    Vendor Product Version
    NousResearch hermes-agent Affected: 2026.4.0
    Affected: 2026.4.1
    Affected: 2026.4.2
    Affected: 2026.4.3
    Affected: 2026.4.4
    Affected: 2026.4.5
    Affected: 2026.4.6
    Affected: 2026.4.7
    Affected: 2026.4.8
    Affected: 2026.4.9
    Affected: 2026.4.10
    Affected: 2026.4.11
    Affected: 2026.4.12
    Affected: 2026.4.13
    Affected: 2026.4.14
    Affected: 2026.4.15
    Affected: 2026.4.16
    Affected: 2026.4.17
    Affected: 2026.4.18
    Affected: 2026.4.19
    Affected: 2026.4.20
    Affected: 2026.4.21
    Affected: 2026.4.22
    Affected: 2026.4.23
    Affected: 2026.4.24
    Affected: 2026.4.25
    Affected: 2026.4.26
    Affected: 2026.4.27
    Affected: 2026.4.28
    Affected: 2026.4.29
    Affected: 2026.4.30
        cpe:2.3:a:nousresearch:hermes-agent:*:*:*:*:*:*:*:*
    Credits
    Eric-j (VulDB User) VulDB CNA Team

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-10222",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-06-01T13:16:15.346798Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-06-01T13:16:34.171Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "cpes": [
                "cpe:2.3:a:nousresearch:hermes-agent:*:*:*:*:*:*:*:*"
              ],
              "product": "hermes-agent",
              "vendor": "NousResearch",
              "versions": [
                {
                  "status": "affected",
                  "version": "2026.4.0"
                },
                {
                  "status": "affected",
                  "version": "2026.4.1"
                },
                {
                  "status": "affected",
                  "version": "2026.4.2"
                },
                {
                  "status": "affected",
                  "version": "2026.4.3"
                },
                {
                  "status": "affected",
                  "version": "2026.4.4"
                },
                {
                  "status": "affected",
                  "version": "2026.4.5"
                },
                {
                  "status": "affected",
                  "version": "2026.4.6"
                },
                {
                  "status": "affected",
                  "version": "2026.4.7"
                },
                {
                  "status": "affected",
                  "version": "2026.4.8"
                },
                {
                  "status": "affected",
                  "version": "2026.4.9"
                },
                {
                  "status": "affected",
                  "version": "2026.4.10"
                },
                {
                  "status": "affected",
                  "version": "2026.4.11"
                },
                {
                  "status": "affected",
                  "version": "2026.4.12"
                },
                {
                  "status": "affected",
                  "version": "2026.4.13"
                },
                {
                  "status": "affected",
                  "version": "2026.4.14"
                },
                {
                  "status": "affected",
                  "version": "2026.4.15"
                },
                {
                  "status": "affected",
                  "version": "2026.4.16"
                },
                {
                  "status": "affected",
                  "version": "2026.4.17"
                },
                {
                  "status": "affected",
                  "version": "2026.4.18"
                },
                {
                  "status": "affected",
                  "version": "2026.4.19"
                },
                {
                  "status": "affected",
                  "version": "2026.4.20"
                },
                {
                  "status": "affected",
                  "version": "2026.4.21"
                },
                {
                  "status": "affected",
                  "version": "2026.4.22"
                },
                {
                  "status": "affected",
                  "version": "2026.4.23"
                },
                {
                  "status": "affected",
                  "version": "2026.4.24"
                },
                {
                  "status": "affected",
                  "version": "2026.4.25"
                },
                {
                  "status": "affected",
                  "version": "2026.4.26"
                },
                {
                  "status": "affected",
                  "version": "2026.4.27"
                },
                {
                  "status": "affected",
                  "version": "2026.4.28"
                },
                {
                  "status": "affected",
                  "version": "2026.4.29"
                },
                {
                  "status": "affected",
                  "version": "2026.4.30"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "value": "Eric-j (VulDB User)"
            },
            {
              "lang": "en",
              "type": "coordinator",
              "value": "VulDB CNA Team"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A security flaw has been discovered in NousResearch hermes-agent up to 2026.4.30. Affected by this issue is the function _sanitize_env_lines of the file hermes_cli/config.py. The manipulation results in injection. It is possible to launch the attack remotely. The attack requires a high level of complexity. The exploitation is known to be difficult. The exploit has been released to the public and may be used for attacks. The vendor was contacted early about this disclosure but did not respond in any way."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "baseScore": 6.3,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P",
                "version": "4.0"
              }
            },
            {
              "cvssV3_1": {
                "baseScore": 5.6,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
                "version": "3.1"
              }
            },
            {
              "cvssV3_0": {
                "baseScore": 5.6,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
                "version": "3.0"
              }
            },
            {
              "cvssV2_0": {
                "baseScore": 5.1,
                "vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:P/E:POC/RL:ND/RC:UR",
                "version": "2.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-74",
                  "description": "Injection",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            },
            {
              "descriptions": [
                {
                  "cweId": "CWE-707",
                  "description": "Improper Neutralization",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-01T04:00:11.313Z",
            "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
            "shortName": "VulDB"
          },
          "references": [
            {
              "name": "VDB-367501 | NousResearch hermes-agent config.py _sanitize_env_lines injection",
              "tags": [
                "vdb-entry",
                "technical-description"
              ],
              "url": "https://vuldb.com/vuln/367501"
            },
            {
              "name": "VDB-367501 | CTI Indicators (IOB, IOC, TTP, IOA)",
              "tags": [
                "signature",
                "permissions-required"
              ],
              "url": "https://vuldb.com/vuln/367501/cti"
            },
            {
              "name": "CVE-2026-10222 | CVE Analysis and Report",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/cve/CVE-2026-10222"
            },
            {
              "name": "Submit #822020 | NousResearch hermes-agent \u003c= v2026.4.30 Injection (CWE-74)",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/submit/822020"
            },
            {
              "tags": [
                "exploit"
              ],
              "url": "https://gist.github.com/YLChen-007/7ee2eeaa383b3540d2e8854250c03fb0"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2026-05-31T00:00:00.000Z",
              "value": "Advisory disclosed"
            },
            {
              "lang": "en",
              "time": "2026-05-31T02:00:00.000Z",
              "value": "VulDB entry created"
            },
            {
              "lang": "en",
              "time": "2026-05-31T09:56:43.000Z",
              "value": "VulDB entry last update"
            }
          ],
          "title": "NousResearch hermes-agent config.py _sanitize_env_lines injection"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "assignerShortName": "VulDB",
        "cveId": "CVE-2026-10222",
        "datePublished": "2026-06-01T04:00:11.313Z",
        "dateReserved": "2026-05-31T07:51:26.584Z",
        "dateUpdated": "2026-06-01T13:16:34.171Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-10221 (GCVE-0-2026-10221)

    Vulnerability from cvelistv5 – Published: 2026-06-01 03:45 – Updated: 2026-06-03 16:10
    Title
    NousResearch hermes-agent run_agent.py _compress_context injection
    Summary
    A vulnerability was identified in NousResearch hermes-agent up to 0.12.0. Affected by this vulnerability is the function _compress_context of the file run_agent.py. The manipulation leads to injection. It is possible to initiate the attack remotely. The exploit is publicly available and might be used. The vendor was contacted early about this disclosure but did not respond in any way.
    SSVC
    Exploitation: poc Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-74 - Injection
    • CWE-707 - Improper Neutralization
    Assigner
    References
    URL Tags
    https://vuldb.com/vuln/367500 vdb-entry, technical-description
    https://vuldb.com/vuln/367500/cti signature, permissions-required
    https://vuldb.com/cve/CVE-2026-10221 third-party-advisory
    https://vuldb.com/submit/822019 third-party-advisory
    https://gist.github.com/YLChen-007/d343fcfe2c009c… exploit
    Impacted products
    Vendor Product Version
    NousResearch hermes-agent Affected: 0.1
    Affected: 0.2
    Affected: 0.3
    Affected: 0.4
    Affected: 0.5
    Affected: 0.6
    Affected: 0.7
    Affected: 0.8
    Affected: 0.9
    Affected: 0.10
    Affected: 0.11
    Affected: 0.12.0
        cpe:2.3:a:nousresearch:hermes-agent:*:*:*:*:*:*:*:*
    Credits
    Eric-j (VulDB User) VulDB CNA Team

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-10221",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-06-03T16:10:02.984547Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-06-03T16:10:30.600Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "references": [
              {
                "tags": [
                  "exploit"
                ],
                "url": "https://vuldb.com/submit/822019"
              }
            ],
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "cpes": [
                "cpe:2.3:a:nousresearch:hermes-agent:*:*:*:*:*:*:*:*"
              ],
              "product": "hermes-agent",
              "vendor": "NousResearch",
              "versions": [
                {
                  "status": "affected",
                  "version": "0.1"
                },
                {
                  "status": "affected",
                  "version": "0.2"
                },
                {
                  "status": "affected",
                  "version": "0.3"
                },
                {
                  "status": "affected",
                  "version": "0.4"
                },
                {
                  "status": "affected",
                  "version": "0.5"
                },
                {
                  "status": "affected",
                  "version": "0.6"
                },
                {
                  "status": "affected",
                  "version": "0.7"
                },
                {
                  "status": "affected",
                  "version": "0.8"
                },
                {
                  "status": "affected",
                  "version": "0.9"
                },
                {
                  "status": "affected",
                  "version": "0.10"
                },
                {
                  "status": "affected",
                  "version": "0.11"
                },
                {
                  "status": "affected",
                  "version": "0.12.0"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "value": "Eric-j (VulDB User)"
            },
            {
              "lang": "en",
              "type": "coordinator",
              "value": "VulDB CNA Team"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability was identified in NousResearch hermes-agent up to 0.12.0. Affected by this vulnerability is the function _compress_context of the file run_agent.py. The manipulation leads to injection. It is possible to initiate the attack remotely. The exploit is publicly available and might be used. The vendor was contacted early about this disclosure but did not respond in any way."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "baseScore": 6.9,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P",
                "version": "4.0"
              }
            },
            {
              "cvssV3_1": {
                "baseScore": 7.3,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
                "version": "3.1"
              }
            },
            {
              "cvssV3_0": {
                "baseScore": 7.3,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
                "version": "3.0"
              }
            },
            {
              "cvssV2_0": {
                "baseScore": 7.5,
                "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P/E:POC/RL:ND/RC:UR",
                "version": "2.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-74",
                  "description": "Injection",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            },
            {
              "descriptions": [
                {
                  "cweId": "CWE-707",
                  "description": "Improper Neutralization",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-01T03:45:08.230Z",
            "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
            "shortName": "VulDB"
          },
          "references": [
            {
              "name": "VDB-367500 | NousResearch hermes-agent run_agent.py _compress_context injection",
              "tags": [
                "vdb-entry",
                "technical-description"
              ],
              "url": "https://vuldb.com/vuln/367500"
            },
            {
              "name": "VDB-367500 | CTI Indicators (IOB, IOC, TTP, IOA)",
              "tags": [
                "signature",
                "permissions-required"
              ],
              "url": "https://vuldb.com/vuln/367500/cti"
            },
            {
              "name": "CVE-2026-10221 | CVE Analysis and Report",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/cve/CVE-2026-10221"
            },
            {
              "name": "Submit #822019 | NousResearch hermes-agent \u003c= 0.12.0 Injection (CWE-74)",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/submit/822019"
            },
            {
              "tags": [
                "exploit"
              ],
              "url": "https://gist.github.com/YLChen-007/d343fcfe2c009cd45f56dc475fd5ac03"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2026-05-31T00:00:00.000Z",
              "value": "Advisory disclosed"
            },
            {
              "lang": "en",
              "time": "2026-05-31T02:00:00.000Z",
              "value": "VulDB entry created"
            },
            {
              "lang": "en",
              "time": "2026-05-31T09:56:40.000Z",
              "value": "VulDB entry last update"
            }
          ],
          "title": "NousResearch hermes-agent run_agent.py _compress_context injection"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "assignerShortName": "VulDB",
        "cveId": "CVE-2026-10221",
        "datePublished": "2026-06-01T03:45:08.230Z",
        "dateReserved": "2026-05-31T07:51:23.739Z",
        "dateUpdated": "2026-06-03T16:10:30.600Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-10220 (GCVE-0-2026-10220)

    Vulnerability from cvelistv5 – Published: 2026-06-01 03:30 – Updated: 2026-06-02 15:01
    Title
    NousResearch hermes-agent skills_tool.py skill_view injection
    Summary
    A vulnerability was determined in NousResearch hermes-agent up to 2026.4.30. Affected is the function _serve_plugin_skill/skill_view of the file tools/skills_tool.py. Executing a manipulation can lead to injection. The attack may be performed from remote. The exploit has been publicly disclosed and may be utilized. The vendor was contacted early about this disclosure but did not respond in any way.
    SSVC
    Exploitation: poc Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-74 - Injection
    • CWE-707 - Improper Neutralization
    Assigner
    References
    URL Tags
    https://vuldb.com/vuln/367499 vdb-entry, technical-description
    https://vuldb.com/vuln/367499/cti signature, permissions-required
    https://vuldb.com/cve/CVE-2026-10220 third-party-advisory
    https://vuldb.com/submit/822018 third-party-advisory
    https://gist.github.com/YLChen-007/9dd399c6f75b31… exploit
    Impacted products
    Vendor Product Version
    NousResearch hermes-agent Affected: 2026.4.0
    Affected: 2026.4.1
    Affected: 2026.4.2
    Affected: 2026.4.3
    Affected: 2026.4.4
    Affected: 2026.4.5
    Affected: 2026.4.6
    Affected: 2026.4.7
    Affected: 2026.4.8
    Affected: 2026.4.9
    Affected: 2026.4.10
    Affected: 2026.4.11
    Affected: 2026.4.12
    Affected: 2026.4.13
    Affected: 2026.4.14
    Affected: 2026.4.15
    Affected: 2026.4.16
    Affected: 2026.4.17
    Affected: 2026.4.18
    Affected: 2026.4.19
    Affected: 2026.4.20
    Affected: 2026.4.21
    Affected: 2026.4.22
    Affected: 2026.4.23
    Affected: 2026.4.24
    Affected: 2026.4.25
    Affected: 2026.4.26
    Affected: 2026.4.27
    Affected: 2026.4.28
    Affected: 2026.4.29
    Affected: 2026.4.30
        cpe:2.3:a:nousresearch:hermes-agent:*:*:*:*:*:*:*:*
    Credits
    Eric-j (VulDB User) VulDB CNA Team

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-10220",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-06-02T15:00:49.932890Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-06-02T15:01:06.947Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "cpes": [
                "cpe:2.3:a:nousresearch:hermes-agent:*:*:*:*:*:*:*:*"
              ],
              "product": "hermes-agent",
              "vendor": "NousResearch",
              "versions": [
                {
                  "status": "affected",
                  "version": "2026.4.0"
                },
                {
                  "status": "affected",
                  "version": "2026.4.1"
                },
                {
                  "status": "affected",
                  "version": "2026.4.2"
                },
                {
                  "status": "affected",
                  "version": "2026.4.3"
                },
                {
                  "status": "affected",
                  "version": "2026.4.4"
                },
                {
                  "status": "affected",
                  "version": "2026.4.5"
                },
                {
                  "status": "affected",
                  "version": "2026.4.6"
                },
                {
                  "status": "affected",
                  "version": "2026.4.7"
                },
                {
                  "status": "affected",
                  "version": "2026.4.8"
                },
                {
                  "status": "affected",
                  "version": "2026.4.9"
                },
                {
                  "status": "affected",
                  "version": "2026.4.10"
                },
                {
                  "status": "affected",
                  "version": "2026.4.11"
                },
                {
                  "status": "affected",
                  "version": "2026.4.12"
                },
                {
                  "status": "affected",
                  "version": "2026.4.13"
                },
                {
                  "status": "affected",
                  "version": "2026.4.14"
                },
                {
                  "status": "affected",
                  "version": "2026.4.15"
                },
                {
                  "status": "affected",
                  "version": "2026.4.16"
                },
                {
                  "status": "affected",
                  "version": "2026.4.17"
                },
                {
                  "status": "affected",
                  "version": "2026.4.18"
                },
                {
                  "status": "affected",
                  "version": "2026.4.19"
                },
                {
                  "status": "affected",
                  "version": "2026.4.20"
                },
                {
                  "status": "affected",
                  "version": "2026.4.21"
                },
                {
                  "status": "affected",
                  "version": "2026.4.22"
                },
                {
                  "status": "affected",
                  "version": "2026.4.23"
                },
                {
                  "status": "affected",
                  "version": "2026.4.24"
                },
                {
                  "status": "affected",
                  "version": "2026.4.25"
                },
                {
                  "status": "affected",
                  "version": "2026.4.26"
                },
                {
                  "status": "affected",
                  "version": "2026.4.27"
                },
                {
                  "status": "affected",
                  "version": "2026.4.28"
                },
                {
                  "status": "affected",
                  "version": "2026.4.29"
                },
                {
                  "status": "affected",
                  "version": "2026.4.30"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "value": "Eric-j (VulDB User)"
            },
            {
              "lang": "en",
              "type": "coordinator",
              "value": "VulDB CNA Team"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability was determined in NousResearch hermes-agent up to 2026.4.30. Affected is the function _serve_plugin_skill/skill_view of the file tools/skills_tool.py. Executing a manipulation can lead to injection. The attack may be performed from remote. The exploit has been publicly disclosed and may be utilized. The vendor was contacted early about this disclosure but did not respond in any way."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "baseScore": 6.9,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P",
                "version": "4.0"
              }
            },
            {
              "cvssV3_1": {
                "baseScore": 7.3,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
                "version": "3.1"
              }
            },
            {
              "cvssV3_0": {
                "baseScore": 7.3,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
                "version": "3.0"
              }
            },
            {
              "cvssV2_0": {
                "baseScore": 7.5,
                "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P/E:POC/RL:ND/RC:UR",
                "version": "2.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-74",
                  "description": "Injection",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            },
            {
              "descriptions": [
                {
                  "cweId": "CWE-707",
                  "description": "Improper Neutralization",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-01T03:30:09.923Z",
            "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
            "shortName": "VulDB"
          },
          "references": [
            {
              "name": "VDB-367499 | NousResearch hermes-agent skills_tool.py skill_view injection",
              "tags": [
                "vdb-entry",
                "technical-description"
              ],
              "url": "https://vuldb.com/vuln/367499"
            },
            {
              "name": "VDB-367499 | CTI Indicators (IOB, IOC, TTP, IOA)",
              "tags": [
                "signature",
                "permissions-required"
              ],
              "url": "https://vuldb.com/vuln/367499/cti"
            },
            {
              "name": "CVE-2026-10220 | CVE Analysis and Report",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/cve/CVE-2026-10220"
            },
            {
              "name": "Submit #822018 | NousResearch hermes-agent \u003c= v2026.4.30 Improper Input Validation (CWE-20)",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/submit/822018"
            },
            {
              "tags": [
                "exploit"
              ],
              "url": "https://gist.github.com/YLChen-007/9dd399c6f75b31fa741a613dfd41de08"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2026-05-31T00:00:00.000Z",
              "value": "Advisory disclosed"
            },
            {
              "lang": "en",
              "time": "2026-05-31T02:00:00.000Z",
              "value": "VulDB entry created"
            },
            {
              "lang": "en",
              "time": "2026-05-31T09:56:37.000Z",
              "value": "VulDB entry last update"
            }
          ],
          "title": "NousResearch hermes-agent skills_tool.py skill_view injection"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "assignerShortName": "VulDB",
        "cveId": "CVE-2026-10220",
        "datePublished": "2026-06-01T03:30:09.923Z",
        "dateReserved": "2026-05-31T07:51:21.351Z",
        "dateUpdated": "2026-06-02T15:01:06.947Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-9369 (GCVE-0-2026-9369)

    Vulnerability from cvelistv5 – Published: 2026-05-24 09:00 – Updated: 2026-05-26 14:29
    Title
    NousResearch hermes-agent CLI web-dashboard web_server.py _discover_dashboard_plugins comparison
    Summary
    A security flaw has been discovered in NousResearch hermes-agent 2026.4.23. Affected is the function _discover_dashboard_plugins of the file hermes_cli/web_server.py of the component CLI web-dashboard Interface. Performing a manipulation of the argument HERMES_ENABLE_PROJECT_PLUGINS results in incorrect comparison. The attack is only possible with local access. The exploit has been released to the public and may be used for attacks. The vendor was contacted early about this disclosure but did not respond in any way.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-697 - Incorrect Comparison
    Assigner
    References
    URL Tags
    https://vuldb.com/vuln/365332 vdb-entry, technical-description
    https://vuldb.com/vuln/365332/cti signature, permissions-required
    https://vuldb.com/submit/812230 third-party-advisory
    https://gist.github.com/YLChen-007/062b77ceac6aa9… exploit
    Impacted products
    Vendor Product Version
    NousResearch hermes-agent Affected: 2026.4.23
        cpe:2.3:a:nousresearch:hermes-agent:*:*:*:*:*:*:*:*
    Credits
    Eric-i (VulDB User) VulDB CNA Team

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-9369",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-05-26T14:27:26.675466Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-05-26T14:29:39.331Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "cpes": [
                "cpe:2.3:a:nousresearch:hermes-agent:*:*:*:*:*:*:*:*"
              ],
              "modules": [
                "CLI web-dashboard Interface"
              ],
              "product": "hermes-agent",
              "vendor": "NousResearch",
              "versions": [
                {
                  "status": "affected",
                  "version": "2026.4.23"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "value": "Eric-i (VulDB User)"
            },
            {
              "lang": "en",
              "type": "coordinator",
              "value": "VulDB CNA Team"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A security flaw has been discovered in NousResearch hermes-agent 2026.4.23. Affected is the function _discover_dashboard_plugins of the file hermes_cli/web_server.py of the component CLI web-dashboard Interface. Performing a manipulation of the argument HERMES_ENABLE_PROJECT_PLUGINS results in incorrect comparison. The attack is only possible with local access. The exploit has been released to the public and may be used for attacks. The vendor was contacted early about this disclosure but did not respond in any way."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "baseScore": 4.8,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P",
                "version": "4.0"
              }
            },
            {
              "cvssV3_1": {
                "baseScore": 5.3,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
                "version": "3.1"
              }
            },
            {
              "cvssV3_0": {
                "baseScore": 5.3,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
                "version": "3.0"
              }
            },
            {
              "cvssV2_0": {
                "baseScore": 4.3,
                "vectorString": "AV:L/AC:L/Au:S/C:P/I:P/A:P/E:POC/RL:ND/RC:UR",
                "version": "2.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-697",
                  "description": "Incorrect Comparison",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-05-24T09:00:16.979Z",
            "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
            "shortName": "VulDB"
          },
          "references": [
            {
              "name": "VDB-365332 | NousResearch hermes-agent CLI web-dashboard web_server.py _discover_dashboard_plugins comparison",
              "tags": [
                "vdb-entry",
                "technical-description"
              ],
              "url": "https://vuldb.com/vuln/365332"
            },
            {
              "name": "VDB-365332 | CTI Indicators (IOB, IOC, IOA)",
              "tags": [
                "signature",
                "permissions-required"
              ],
              "url": "https://vuldb.com/vuln/365332/cti"
            },
            {
              "name": "Submit #812230 | NousResearch hermes-agent 2026.4.23 Incorrect Comparison (CWE-697)",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/submit/812230"
            },
            {
              "tags": [
                "exploit"
              ],
              "url": "https://gist.github.com/YLChen-007/062b77ceac6aa9844842a616f5d2ef30"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2026-05-23T00:00:00.000Z",
              "value": "Advisory disclosed"
            },
            {
              "lang": "en",
              "time": "2026-05-23T02:00:00.000Z",
              "value": "VulDB entry created"
            },
            {
              "lang": "en",
              "time": "2026-05-23T12:38:31.000Z",
              "value": "VulDB entry last update"
            }
          ],
          "title": "NousResearch hermes-agent CLI web-dashboard web_server.py _discover_dashboard_plugins comparison"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "assignerShortName": "VulDB",
        "cveId": "CVE-2026-9369",
        "datePublished": "2026-05-24T09:00:16.979Z",
        "dateReserved": "2026-05-23T10:33:18.362Z",
        "dateUpdated": "2026-05-26T14:29:39.331Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-9368 (GCVE-0-2026-9368)

    Vulnerability from cvelistv5 – Published: 2026-05-24 08:45 – Updated: 2026-05-26 16:17
    Title
    NousResearch hermes-agent Environment Variable code_execution_tool.py execute_code sandbox
    Summary
    A vulnerability was identified in NousResearch hermes-agent up to 2026.4.16. This impacts the function execute_code of the file tools/code_execution_tool.py of the component Environment Variable Handler. Such manipulation leads to sandbox issue. It is possible to launch the attack remotely. The exploit is publicly available and might be used. The vendor was contacted early about this disclosure but did not respond in any way.
    SSVC
    Exploitation: poc Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-265 - Sandbox Issue
    • CWE-264 - Improper Access Controls
    Assigner
    References
    URL Tags
    https://vuldb.com/vuln/365331 vdb-entry, technical-description
    https://vuldb.com/vuln/365331/cti signature, permissions-required
    https://vuldb.com/submit/812229 third-party-advisory
    https://gist.github.com/YLChen-007/43c72d19668421… exploit
    Impacted products
    Vendor Product Version
    NousResearch hermes-agent Affected: 2026.4.0
    Affected: 2026.4.1
    Affected: 2026.4.2
    Affected: 2026.4.3
    Affected: 2026.4.4
    Affected: 2026.4.5
    Affected: 2026.4.6
    Affected: 2026.4.7
    Affected: 2026.4.8
    Affected: 2026.4.9
    Affected: 2026.4.10
    Affected: 2026.4.11
    Affected: 2026.4.12
    Affected: 2026.4.13
    Affected: 2026.4.14
    Affected: 2026.4.15
    Affected: 2026.4.16
        cpe:2.3:a:nousresearch:hermes-agent:*:*:*:*:*:*:*:*
    Credits
    Eric-i (VulDB User) VulDB CNA Team

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-9368",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-05-26T16:17:24.678184Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-05-26T16:17:36.440Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "cpes": [
                "cpe:2.3:a:nousresearch:hermes-agent:*:*:*:*:*:*:*:*"
              ],
              "modules": [
                "Environment Variable Handler"
              ],
              "product": "hermes-agent",
              "vendor": "NousResearch",
              "versions": [
                {
                  "status": "affected",
                  "version": "2026.4.0"
                },
                {
                  "status": "affected",
                  "version": "2026.4.1"
                },
                {
                  "status": "affected",
                  "version": "2026.4.2"
                },
                {
                  "status": "affected",
                  "version": "2026.4.3"
                },
                {
                  "status": "affected",
                  "version": "2026.4.4"
                },
                {
                  "status": "affected",
                  "version": "2026.4.5"
                },
                {
                  "status": "affected",
                  "version": "2026.4.6"
                },
                {
                  "status": "affected",
                  "version": "2026.4.7"
                },
                {
                  "status": "affected",
                  "version": "2026.4.8"
                },
                {
                  "status": "affected",
                  "version": "2026.4.9"
                },
                {
                  "status": "affected",
                  "version": "2026.4.10"
                },
                {
                  "status": "affected",
                  "version": "2026.4.11"
                },
                {
                  "status": "affected",
                  "version": "2026.4.12"
                },
                {
                  "status": "affected",
                  "version": "2026.4.13"
                },
                {
                  "status": "affected",
                  "version": "2026.4.14"
                },
                {
                  "status": "affected",
                  "version": "2026.4.15"
                },
                {
                  "status": "affected",
                  "version": "2026.4.16"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "value": "Eric-i (VulDB User)"
            },
            {
              "lang": "en",
              "type": "coordinator",
              "value": "VulDB CNA Team"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability was identified in NousResearch hermes-agent up to 2026.4.16. This impacts the function execute_code of the file tools/code_execution_tool.py of the component Environment Variable Handler. Such manipulation leads to sandbox issue. It is possible to launch the attack remotely. The exploit is publicly available and might be used. The vendor was contacted early about this disclosure but did not respond in any way."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "baseScore": 6.9,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P",
                "version": "4.0"
              }
            },
            {
              "cvssV3_1": {
                "baseScore": 7.3,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
                "version": "3.1"
              }
            },
            {
              "cvssV3_0": {
                "baseScore": 7.3,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
                "version": "3.0"
              }
            },
            {
              "cvssV2_0": {
                "baseScore": 7.5,
                "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P/E:POC/RL:ND/RC:UR",
                "version": "2.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-265",
                  "description": "Sandbox Issue",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            },
            {
              "descriptions": [
                {
                  "cweId": "CWE-264",
                  "description": "Improper Access Controls",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-05-24T08:45:09.083Z",
            "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
            "shortName": "VulDB"
          },
          "references": [
            {
              "name": "VDB-365331 | NousResearch hermes-agent Environment Variable code_execution_tool.py execute_code sandbox",
              "tags": [
                "vdb-entry",
                "technical-description"
              ],
              "url": "https://vuldb.com/vuln/365331"
            },
            {
              "name": "VDB-365331 | CTI Indicators (IOB, IOC, TTP, IOA)",
              "tags": [
                "signature",
                "permissions-required"
              ],
              "url": "https://vuldb.com/vuln/365331/cti"
            },
            {
              "name": "Submit #812229 | NousResearch hermes-agent 2026.4.16 Improper Privilege Management (CWE-269)",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/submit/812229"
            },
            {
              "tags": [
                "exploit"
              ],
              "url": "https://gist.github.com/YLChen-007/43c72d19668421abe8ce10f299323a0a"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2026-05-23T00:00:00.000Z",
              "value": "Advisory disclosed"
            },
            {
              "lang": "en",
              "time": "2026-05-23T02:00:00.000Z",
              "value": "VulDB entry created"
            },
            {
              "lang": "en",
              "time": "2026-05-23T12:38:28.000Z",
              "value": "VulDB entry last update"
            }
          ],
          "title": "NousResearch hermes-agent Environment Variable code_execution_tool.py execute_code sandbox"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "assignerShortName": "VulDB",
        "cveId": "CVE-2026-9368",
        "datePublished": "2026-05-24T08:45:09.083Z",
        "dateReserved": "2026-05-23T10:33:15.559Z",
        "dateUpdated": "2026-05-26T16:17:36.440Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-9367 (GCVE-0-2026-9367)

    Vulnerability from cvelistv5 – Published: 2026-05-24 08:30 – Updated: 2026-05-26 13:30
    Title
    NousResearch hermes-agent terminal_tool approval.py detect_dangerous_command os command injection
    Summary
    A vulnerability was determined in NousResearch hermes-agent up to 5157f5427f19488b31c6fdebbacd15d798ce7f63. This affects the function detect_dangerous_command of the file tools/approval.py of the component terminal_tool. This manipulation causes os command injection. It is possible to initiate the attack remotely. The exploit has been publicly disclosed and may be utilized. The vendor was contacted early about this disclosure but did not respond in any way.
    SSVC
    Exploitation: poc Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-78 - OS Command Injection
    • CWE-77 - Command Injection
    Assigner
    References
    URL Tags
    https://vuldb.com/vuln/365330 vdb-entry, technical-description
    https://vuldb.com/vuln/365330/cti signature, permissions-required
    https://vuldb.com/submit/812228 third-party-advisory
    https://gist.github.com/YLChen-007/75fb10319693e8… exploit
    Impacted products
    Vendor Product Version
    NousResearch hermes-agent Affected: 5157f5427f19488b31c6fdebbacd15d798ce7f63
        cpe:2.3:a:nousresearch:hermes-agent:*:*:*:*:*:*:*:*
    Credits
    Eric-i (VulDB User) VulDB CNA Team

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-9367",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-05-26T13:30:14.515951Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-05-26T13:30:21.801Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "cpes": [
                "cpe:2.3:a:nousresearch:hermes-agent:*:*:*:*:*:*:*:*"
              ],
              "modules": [
                "terminal_tool"
              ],
              "product": "hermes-agent",
              "vendor": "NousResearch",
              "versions": [
                {
                  "status": "affected",
                  "version": "5157f5427f19488b31c6fdebbacd15d798ce7f63"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "value": "Eric-i (VulDB User)"
            },
            {
              "lang": "en",
              "type": "coordinator",
              "value": "VulDB CNA Team"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability was determined in NousResearch hermes-agent up to 5157f5427f19488b31c6fdebbacd15d798ce7f63. This affects the function detect_dangerous_command of the file tools/approval.py of the component terminal_tool. This manipulation causes os command injection. It is possible to initiate the attack remotely. The exploit has been publicly disclosed and may be utilized. The vendor was contacted early about this disclosure but did not respond in any way."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "baseScore": 6.9,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P",
                "version": "4.0"
              }
            },
            {
              "cvssV3_1": {
                "baseScore": 7.3,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
                "version": "3.1"
              }
            },
            {
              "cvssV3_0": {
                "baseScore": 7.3,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
                "version": "3.0"
              }
            },
            {
              "cvssV2_0": {
                "baseScore": 7.5,
                "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P/E:POC/RL:ND/RC:UR",
                "version": "2.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-78",
                  "description": "OS Command Injection",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            },
            {
              "descriptions": [
                {
                  "cweId": "CWE-77",
                  "description": "Command Injection",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-05-24T08:30:10.795Z",
            "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
            "shortName": "VulDB"
          },
          "references": [
            {
              "name": "VDB-365330 | NousResearch hermes-agent terminal_tool approval.py detect_dangerous_command os command injection",
              "tags": [
                "vdb-entry",
                "technical-description"
              ],
              "url": "https://vuldb.com/vuln/365330"
            },
            {
              "name": "VDB-365330 | CTI Indicators (IOB, IOC, TTP, IOA)",
              "tags": [
                "signature",
                "permissions-required"
              ],
              "url": "https://vuldb.com/vuln/365330/cti"
            },
            {
              "name": "Submit #812228 | NousResearch hermes-agent 5157f5427f19488b31c6fdebbacd15d798ce7f63 OS Command Injection (CWE-78)",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/submit/812228"
            },
            {
              "tags": [
                "exploit"
              ],
              "url": "https://gist.github.com/YLChen-007/75fb10319693e86106ced2ef3a472c80"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2026-05-23T00:00:00.000Z",
              "value": "Advisory disclosed"
            },
            {
              "lang": "en",
              "time": "2026-05-23T02:00:00.000Z",
              "value": "VulDB entry created"
            },
            {
              "lang": "en",
              "time": "2026-05-23T12:38:25.000Z",
              "value": "VulDB entry last update"
            }
          ],
          "title": "NousResearch hermes-agent terminal_tool approval.py detect_dangerous_command os command injection"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "assignerShortName": "VulDB",
        "cveId": "CVE-2026-9367",
        "datePublished": "2026-05-24T08:30:10.795Z",
        "dateReserved": "2026-05-23T10:33:13.039Z",
        "dateUpdated": "2026-05-26T13:30:21.801Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-9366 (GCVE-0-2026-9366)

    Vulnerability from cvelistv5 – Published: 2026-05-24 08:15 – Updated: 2026-05-27 17:27
    Title
    NousResearch hermes-agent prompt_builder.py _scan_context_content injection
    Summary
    A vulnerability was found in NousResearch hermes-agent 2026.4.23. The impacted element is the function _scan_context_content of the file agent/prompt_builder.py. The manipulation results in injection. The attack may be performed from remote. The exploit has been made public and could be used. The vendor was contacted early about this disclosure but did not respond in any way.
    SSVC
    Exploitation: poc Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-74 - Injection
    • CWE-707 - Improper Neutralization
    Assigner
    References
    URL Tags
    https://vuldb.com/vuln/365329 vdb-entry, technical-description
    https://vuldb.com/vuln/365329/cti signature, permissions-required
    https://vuldb.com/submit/812227 third-party-advisory
    https://gist.github.com/YLChen-007/581fd92de5548f… exploit
    Impacted products
    Vendor Product Version
    NousResearch hermes-agent Affected: 2026.4.23
        cpe:2.3:a:nousresearch:hermes-agent:*:*:*:*:*:*:*:*
    Credits
    Eric-i (VulDB User) VulDB CNA Team

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-9366",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-05-27T16:25:56.063453Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-05-27T17:27:32.876Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "cpes": [
                "cpe:2.3:a:nousresearch:hermes-agent:*:*:*:*:*:*:*:*"
              ],
              "product": "hermes-agent",
              "vendor": "NousResearch",
              "versions": [
                {
                  "status": "affected",
                  "version": "2026.4.23"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "value": "Eric-i (VulDB User)"
            },
            {
              "lang": "en",
              "type": "coordinator",
              "value": "VulDB CNA Team"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability was found in NousResearch hermes-agent 2026.4.23. The impacted element is the function _scan_context_content of the file agent/prompt_builder.py. The manipulation results in injection. The attack may be performed from remote. The exploit has been made public and could be used. The vendor was contacted early about this disclosure but did not respond in any way."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "baseScore": 6.9,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P",
                "version": "4.0"
              }
            },
            {
              "cvssV3_1": {
                "baseScore": 7.3,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
                "version": "3.1"
              }
            },
            {
              "cvssV3_0": {
                "baseScore": 7.3,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
                "version": "3.0"
              }
            },
            {
              "cvssV2_0": {
                "baseScore": 7.5,
                "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P/E:POC/RL:ND/RC:UR",
                "version": "2.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-74",
                  "description": "Injection",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            },
            {
              "descriptions": [
                {
                  "cweId": "CWE-707",
                  "description": "Improper Neutralization",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-05-24T08:15:09.911Z",
            "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
            "shortName": "VulDB"
          },
          "references": [
            {
              "name": "VDB-365329 | NousResearch hermes-agent prompt_builder.py _scan_context_content injection",
              "tags": [
                "vdb-entry",
                "technical-description"
              ],
              "url": "https://vuldb.com/vuln/365329"
            },
            {
              "name": "VDB-365329 | CTI Indicators (IOB, IOC, TTP, IOA)",
              "tags": [
                "signature",
                "permissions-required"
              ],
              "url": "https://vuldb.com/vuln/365329/cti"
            },
            {
              "name": "Submit #812227 | NousResearch hermes-agent 2026.4.23 Injection (CWE-74)",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/submit/812227"
            },
            {
              "tags": [
                "exploit"
              ],
              "url": "https://gist.github.com/YLChen-007/581fd92de5548fbaacb2092e848a75cc"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2026-05-23T00:00:00.000Z",
              "value": "Advisory disclosed"
            },
            {
              "lang": "en",
              "time": "2026-05-23T02:00:00.000Z",
              "value": "VulDB entry created"
            },
            {
              "lang": "en",
              "time": "2026-05-23T12:38:23.000Z",
              "value": "VulDB entry last update"
            }
          ],
          "title": "NousResearch hermes-agent prompt_builder.py _scan_context_content injection"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "assignerShortName": "VulDB",
        "cveId": "CVE-2026-9366",
        "datePublished": "2026-05-24T08:15:09.911Z",
        "dateReserved": "2026-05-23T10:33:09.869Z",
        "dateUpdated": "2026-05-27T17:27:32.876Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-9354 (GCVE-0-2026-9354)

    Vulnerability from cvelistv5 – Published: 2026-05-24 04:15 – Updated: 2026-05-27 17:28
    Title
    NousResearch hermes-agent Slack Agent/Mattermost Agent escape output
    Summary
    A vulnerability was detected in NousResearch hermes-agent up to 2026.4.16. The affected element is an unknown function of the component Slack Agent/Mattermost Agent. The manipulation of the argument format_message results in escaping of output. The attack can be executed remotely. The exploit is now public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
    SSVC
    Exploitation: poc Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-116 - Escaping of Output
    • CWE-74 - Injection
    Assigner
    References
    URL Tags
    https://vuldb.com/vuln/365317 vdb-entry, technical-description
    https://vuldb.com/vuln/365317/cti signature, permissions-required
    https://vuldb.com/submit/812226 third-party-advisory
    https://gist.github.com/YLChen-007/e90fb38ac03284… exploit
    Impacted products
    Vendor Product Version
    NousResearch hermes-agent Affected: 2026.4.0
    Affected: 2026.4.1
    Affected: 2026.4.2
    Affected: 2026.4.3
    Affected: 2026.4.4
    Affected: 2026.4.5
    Affected: 2026.4.6
    Affected: 2026.4.7
    Affected: 2026.4.8
    Affected: 2026.4.9
    Affected: 2026.4.10
    Affected: 2026.4.11
    Affected: 2026.4.12
    Affected: 2026.4.13
    Affected: 2026.4.14
    Affected: 2026.4.15
    Affected: 2026.4.16
        cpe:2.3:a:nousresearch:hermes-agent:*:*:*:*:*:*:*:*
    Credits
    Eric-i (VulDB User), VulDB CNA Team

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-9354",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-05-27T16:25:19.177335Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-05-27T17:28:00.312Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "cpes": [
                "cpe:2.3:a:nousresearch:hermes-agent:*:*:*:*:*:*:*:*"
              ],
              "modules": [
                "Slack Agent/Mattermost Agent"
              ],
              "product": "hermes-agent",
              "vendor": "NousResearch",
              "versions": [
                {
                  "status": "affected",
                  "version": "2026.4.0"
                },
                {
                  "status": "affected",
                  "version": "2026.4.1"
                },
                {
                  "status": "affected",
                  "version": "2026.4.2"
                },
                {
                  "status": "affected",
                  "version": "2026.4.3"
                },
                {
                  "status": "affected",
                  "version": "2026.4.4"
                },
                {
                  "status": "affected",
                  "version": "2026.4.5"
                },
                {
                  "status": "affected",
                  "version": "2026.4.6"
                },
                {
                  "status": "affected",
                  "version": "2026.4.7"
                },
                {
                  "status": "affected",
                  "version": "2026.4.8"
                },
                {
                  "status": "affected",
                  "version": "2026.4.9"
                },
                {
                  "status": "affected",
                  "version": "2026.4.10"
                },
                {
                  "status": "affected",
                  "version": "2026.4.11"
                },
                {
                  "status": "affected",
                  "version": "2026.4.12"
                },
                {
                  "status": "affected",
                  "version": "2026.4.13"
                },
                {
                  "status": "affected",
                  "version": "2026.4.14"
                },
                {
                  "status": "affected",
                  "version": "2026.4.15"
                },
                {
                  "status": "affected",
                  "version": "2026.4.16"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "value": "Eric-i (VulDB User)"
            },
            {
              "lang": "en",
              "type": "coordinator",
              "value": "VulDB CNA Team"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability was detected in NousResearch hermes-agent up to 2026.4.16. The affected element is an unknown function of the component Slack Agent/Mattermost Agent. The manipulation of the argument format_message results in escaping of output. The attack can be executed remotely. The exploit is now public and may be used. The vendor was contacted early about this disclosure but did not respond in any way."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "baseScore": 6.9,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N/E:P",
                "version": "4.0"
              }
            },
            {
              "cvssV3_1": {
                "baseScore": 6.5,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L/E:P/RL:X/RC:R",
                "version": "3.1"
              }
            },
            {
              "cvssV3_0": {
                "baseScore": 6.5,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L/E:P/RL:X/RC:R",
                "version": "3.0"
              }
            },
            {
              "cvssV2_0": {
                "baseScore": 6.4,
                "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:P/E:POC/RL:ND/RC:UR",
                "version": "2.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-116",
                  "description": "Escaping of Output",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            },
            {
              "descriptions": [
                {
                  "cweId": "CWE-74",
                  "description": "Injection",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-05-24T04:15:07.598Z",
            "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
            "shortName": "VulDB"
          },
          "references": [
            {
              "name": "VDB-365317 | NousResearch hermes-agent Slack Agent/Mattermost Agent escape output",
              "tags": [
                "vdb-entry",
                "technical-description"
              ],
              "url": "https://vuldb.com/vuln/365317"
            },
            {
              "name": "VDB-365317 | CTI Indicators (IOB, IOC, IOA)",
              "tags": [
                "signature",
                "permissions-required"
              ],
              "url": "https://vuldb.com/vuln/365317/cti"
            },
            {
              "name": "Submit #812226 | NousResearch hermes-agent 2026.4.16 Improper Encoding or Escaping of Output (CWE-116)",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/submit/812226"
            },
            {
              "tags": [
                "exploit"
              ],
              "url": "https://gist.github.com/YLChen-007/e90fb38ac03284176bae49898a3a46a4"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2026-05-23T00:00:00.000Z",
              "value": "Advisory disclosed"
            },
            {
              "lang": "en",
              "time": "2026-05-23T02:00:00.000Z",
              "value": "VulDB entry created"
            },
            {
              "lang": "en",
              "time": "2026-05-23T11:24:56.000Z",
              "value": "VulDB entry last update"
            }
          ],
          "title": "NousResearch hermes-agent Slack Agent/Mattermost Agent escape output"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "assignerShortName": "VulDB",
        "cveId": "CVE-2026-9354",
        "datePublished": "2026-05-24T04:15:07.598Z",
        "dateReserved": "2026-05-23T09:19:41.024Z",
        "dateUpdated": "2026-05-27T17:28:00.312Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-9353 (GCVE-0-2026-9353)

    Vulnerability from cvelistv5 – Published: 2026-05-24 03:45 – Updated: 2026-05-26 13:30
    Title
    NousResearch hermes-agent Skills Guard Multi-Word Prompt skills_guard.py injection
    Summary
    A security vulnerability has been detected in NousResearch hermes-agent up to 2026.4.23. Impacted is an unknown function of the file agent/skills_guard.py of the component Skills Guard Multi-Word Prompt Handler. The manipulation of the argument THREAT_PATTERNS leads to injection. Remote exploitation of the attack is possible. The exploit has been disclosed publicly and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
    SSVC
    Exploitation: poc Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-74 - Injection
    • CWE-707 - Improper Neutralization
    Assigner
    References
    URL Tags
    https://vuldb.com/vuln/365316 vdb-entry, technical-description
    https://vuldb.com/vuln/365316/cti signature, permissions-required
    https://vuldb.com/submit/812216 third-party-advisory
    https://gist.github.com/YLChen-007/82a3539d635884… exploit
    Impacted products
    Vendor Product Version
    NousResearch hermes-agent Affected: 2026.4.0
    Affected: 2026.4.1
    Affected: 2026.4.2
    Affected: 2026.4.3
    Affected: 2026.4.4
    Affected: 2026.4.5
    Affected: 2026.4.6
    Affected: 2026.4.7
    Affected: 2026.4.8
    Affected: 2026.4.9
    Affected: 2026.4.10
    Affected: 2026.4.11
    Affected: 2026.4.12
    Affected: 2026.4.13
    Affected: 2026.4.14
    Affected: 2026.4.15
    Affected: 2026.4.16
    Affected: 2026.4.17
    Affected: 2026.4.18
    Affected: 2026.4.19
    Affected: 2026.4.20
    Affected: 2026.4.21
    Affected: 2026.4.22
    Affected: 2026.4.23
        cpe:2.3:a:nousresearch:hermes-agent:*:*:*:*:*:*:*:*
    Credits
    Eric-i (VulDB User), VulDB CNA Team

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-9353",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-05-26T13:30:06.866197Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-05-26T13:30:15.395Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "cpes": [
                "cpe:2.3:a:nousresearch:hermes-agent:*:*:*:*:*:*:*:*"
              ],
              "modules": [
                "Skills Guard Multi-Word Prompt Handler"
              ],
              "product": "hermes-agent",
              "vendor": "NousResearch",
              "versions": [
                {
                  "status": "affected",
                  "version": "2026.4.0"
                },
                {
                  "status": "affected",
                  "version": "2026.4.1"
                },
                {
                  "status": "affected",
                  "version": "2026.4.2"
                },
                {
                  "status": "affected",
                  "version": "2026.4.3"
                },
                {
                  "status": "affected",
                  "version": "2026.4.4"
                },
                {
                  "status": "affected",
                  "version": "2026.4.5"
                },
                {
                  "status": "affected",
                  "version": "2026.4.6"
                },
                {
                  "status": "affected",
                  "version": "2026.4.7"
                },
                {
                  "status": "affected",
                  "version": "2026.4.8"
                },
                {
                  "status": "affected",
                  "version": "2026.4.9"
                },
                {
                  "status": "affected",
                  "version": "2026.4.10"
                },
                {
                  "status": "affected",
                  "version": "2026.4.11"
                },
                {
                  "status": "affected",
                  "version": "2026.4.12"
                },
                {
                  "status": "affected",
                  "version": "2026.4.13"
                },
                {
                  "status": "affected",
                  "version": "2026.4.14"
                },
                {
                  "status": "affected",
                  "version": "2026.4.15"
                },
                {
                  "status": "affected",
                  "version": "2026.4.16"
                },
                {
                  "status": "affected",
                  "version": "2026.4.17"
                },
                {
                  "status": "affected",
                  "version": "2026.4.18"
                },
                {
                  "status": "affected",
                  "version": "2026.4.19"
                },
                {
                  "status": "affected",
                  "version": "2026.4.20"
                },
                {
                  "status": "affected",
                  "version": "2026.4.21"
                },
                {
                  "status": "affected",
                  "version": "2026.4.22"
                },
                {
                  "status": "affected",
                  "version": "2026.4.23"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "value": "Eric-i (VulDB User)"
            },
            {
              "lang": "en",
              "type": "coordinator",
              "value": "VulDB CNA Team"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A security vulnerability has been detected in NousResearch hermes-agent up to 2026.4.23. Impacted is an unknown function of the file agent/skills_guard.py of the component Skills Guard Multi-Word Prompt Handler. The manipulation of the argument THREAT_PATTERNS leads to injection. Remote exploitation of the attack is possible. The exploit has been disclosed publicly and may be used. The vendor was contacted early about this disclosure but did not respond in any way."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "baseScore": 6.9,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P",
                "version": "4.0"
              }
            },
            {
              "cvssV3_1": {
                "baseScore": 7.3,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
                "version": "3.1"
              }
            },
            {
              "cvssV3_0": {
                "baseScore": 7.3,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
                "version": "3.0"
              }
            },
            {
              "cvssV2_0": {
                "baseScore": 7.5,
                "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P/E:POC/RL:ND/RC:UR",
                "version": "2.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-74",
                  "description": "Injection",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            },
            {
              "descriptions": [
                {
                  "cweId": "CWE-707",
                  "description": "Improper Neutralization",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-05-24T03:45:07.511Z",
            "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
            "shortName": "VulDB"
          },
          "references": [
            {
              "name": "VDB-365316 | NousResearch hermes-agent Skills Guard Multi-Word Prompt skills_guard.py injection",
              "tags": [
                "vdb-entry",
                "technical-description"
              ],
              "url": "https://vuldb.com/vuln/365316"
            },
            {
              "name": "VDB-365316 | CTI Indicators (IOB, IOC, TTP, IOA)",
              "tags": [
                "signature",
                "permissions-required"
              ],
              "url": "https://vuldb.com/vuln/365316/cti"
            },
            {
              "name": "Submit #812216 | NousResearch hermes-agent 2026.4.23 Injection (CWE-74)",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/submit/812216"
            },
            {
              "tags": [
                "exploit"
              ],
              "url": "https://gist.github.com/YLChen-007/82a3539d6358842e69dfaef0a9fcf14a"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2026-05-23T00:00:00.000Z",
              "value": "Advisory disclosed"
            },
            {
              "lang": "en",
              "time": "2026-05-23T02:00:00.000Z",
              "value": "VulDB entry created"
            },
            {
              "lang": "en",
              "time": "2026-05-23T11:24:54.000Z",
              "value": "VulDB entry last update"
            }
          ],
          "title": "NousResearch hermes-agent Skills Guard Multi-Word Prompt skills_guard.py injection"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "assignerShortName": "VulDB",
        "cveId": "CVE-2026-9353",
        "datePublished": "2026-05-24T03:45:07.511Z",
        "dateReserved": "2026-05-23T09:19:38.292Z",
        "dateUpdated": "2026-05-26T13:30:15.395Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-9352 (GCVE-0-2026-9352)

    Vulnerability from cvelistv5 – Published: 2026-05-24 03:30 – Updated: 2026-06-01 20:09
    Title
    NousResearch hermes-agent Messaging Gateway local.py _make_run_env information disclosure
    Summary
    A weakness has been identified in NousResearch hermes-agent up to 2026.4.23. This issue affects the function _make_run_env of the file tools/environments/local.py of the component Messaging Gateway Handler. Executing a manipulation can lead to information disclosure. The attack may be launched remotely. The exploit has been made available to the public and could be used for attacks. The vendor was contacted early about this disclosure but did not respond in any way.
    SSVC
    Exploitation: poc Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-200 - Information Disclosure
    • CWE-284 - Improper Access Controls
    Assigner
    References
    URL Tags
    https://vuldb.com/vuln/365315 vdb-entry, technical-description
    https://vuldb.com/vuln/365315/cti signature, permissions-required
    https://vuldb.com/submit/812215 third-party-advisory
    https://gist.github.com/YLChen-007/760b3940f70899… exploit
    Impacted products
    Vendor Product Version
    NousResearch hermes-agent Affected: 2026.4.0
    Affected: 2026.4.1
    Affected: 2026.4.2
    Affected: 2026.4.3
    Affected: 2026.4.4
    Affected: 2026.4.5
    Affected: 2026.4.6
    Affected: 2026.4.7
    Affected: 2026.4.8
    Affected: 2026.4.9
    Affected: 2026.4.10
    Affected: 2026.4.11
    Affected: 2026.4.12
    Affected: 2026.4.13
    Affected: 2026.4.14
    Affected: 2026.4.15
    Affected: 2026.4.16
    Affected: 2026.4.17
    Affected: 2026.4.18
    Affected: 2026.4.19
    Affected: 2026.4.20
    Affected: 2026.4.21
    Affected: 2026.4.22
    Affected: 2026.4.23
        cpe:2.3:a:nousresearch:hermes-agent:*:*:*:*:*:*:*:*
    Credits
    Eric-i (VulDB User), VulDB CNA Team

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-9352",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-05-29T18:15:23.587484Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-06-01T20:09:38.590Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "cpes": [
                "cpe:2.3:a:nousresearch:hermes-agent:*:*:*:*:*:*:*:*"
              ],
              "modules": [
                "Messaging Gateway Handler"
              ],
              "product": "hermes-agent",
              "vendor": "NousResearch",
              "versions": [
                {
                  "status": "affected",
                  "version": "2026.4.0"
                },
                {
                  "status": "affected",
                  "version": "2026.4.1"
                },
                {
                  "status": "affected",
                  "version": "2026.4.2"
                },
                {
                  "status": "affected",
                  "version": "2026.4.3"
                },
                {
                  "status": "affected",
                  "version": "2026.4.4"
                },
                {
                  "status": "affected",
                  "version": "2026.4.5"
                },
                {
                  "status": "affected",
                  "version": "2026.4.6"
                },
                {
                  "status": "affected",
                  "version": "2026.4.7"
                },
                {
                  "status": "affected",
                  "version": "2026.4.8"
                },
                {
                  "status": "affected",
                  "version": "2026.4.9"
                },
                {
                  "status": "affected",
                  "version": "2026.4.10"
                },
                {
                  "status": "affected",
                  "version": "2026.4.11"
                },
                {
                  "status": "affected",
                  "version": "2026.4.12"
                },
                {
                  "status": "affected",
                  "version": "2026.4.13"
                },
                {
                  "status": "affected",
                  "version": "2026.4.14"
                },
                {
                  "status": "affected",
                  "version": "2026.4.15"
                },
                {
                  "status": "affected",
                  "version": "2026.4.16"
                },
                {
                  "status": "affected",
                  "version": "2026.4.17"
                },
                {
                  "status": "affected",
                  "version": "2026.4.18"
                },
                {
                  "status": "affected",
                  "version": "2026.4.19"
                },
                {
                  "status": "affected",
                  "version": "2026.4.20"
                },
                {
                  "status": "affected",
                  "version": "2026.4.21"
                },
                {
                  "status": "affected",
                  "version": "2026.4.22"
                },
                {
                  "status": "affected",
                  "version": "2026.4.23"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "value": "Eric-i (VulDB User)"
            },
            {
              "lang": "en",
              "type": "coordinator",
              "value": "VulDB CNA Team"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A weakness has been identified in NousResearch hermes-agent up to 2026.4.23. This issue affects the function _make_run_env of the file tools/environments/local.py of the component Messaging Gateway Handler. Executing a manipulation can lead to information disclosure. The attack may be launched remotely. The exploit has been made available to the public and could be used for attacks. The vendor was contacted early about this disclosure but did not respond in any way."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "baseScore": 6.9,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P",
                "version": "4.0"
              }
            },
            {
              "cvssV3_1": {
                "baseScore": 5.3,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:P/RL:X/RC:R",
                "version": "3.1"
              }
            },
            {
              "cvssV3_0": {
                "baseScore": 5.3,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:P/RL:X/RC:R",
                "version": "3.0"
              }
            },
            {
              "cvssV2_0": {
                "baseScore": 5,
                "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N/E:POC/RL:ND/RC:UR",
                "version": "2.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-200",
                  "description": "Information Disclosure",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            },
            {
              "descriptions": [
                {
                  "cweId": "CWE-284",
                  "description": "Improper Access Controls",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-05-24T03:30:11.060Z",
            "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
            "shortName": "VulDB"
          },
          "references": [
            {
              "name": "VDB-365315 | NousResearch hermes-agent Messaging Gateway local.py _make_run_env information disclosure",
              "tags": [
                "vdb-entry",
                "technical-description"
              ],
              "url": "https://vuldb.com/vuln/365315"
            },
            {
              "name": "VDB-365315 | CTI Indicators (IOB, IOC, TTP, IOA)",
              "tags": [
                "signature",
                "permissions-required"
              ],
              "url": "https://vuldb.com/vuln/365315/cti"
            },
            {
              "name": "Submit #812215 | NousResearch hermes-agent 2026.4.23 Exposure of Sensitive Information (CWE-200)",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/submit/812215"
            },
            {
              "tags": [
                "exploit"
              ],
              "url": "https://gist.github.com/YLChen-007/760b3940f708990e535214529c0c7a27"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2026-05-23T00:00:00.000Z",
              "value": "Advisory disclosed"
            },
            {
              "lang": "en",
              "time": "2026-05-23T02:00:00.000Z",
              "value": "VulDB entry created"
            },
            {
              "lang": "en",
              "time": "2026-05-23T11:24:51.000Z",
              "value": "VulDB entry last update"
            }
          ],
          "title": "NousResearch hermes-agent Messaging Gateway local.py _make_run_env information disclosure"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "assignerShortName": "VulDB",
        "cveId": "CVE-2026-9352",
        "datePublished": "2026-05-24T03:30:11.060Z",
        "dateReserved": "2026-05-23T09:19:35.674Z",
        "dateUpdated": "2026-06-01T20:09:38.590Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-9351 (GCVE-0-2026-9351)

    Vulnerability from cvelistv5 – Published: 2026-05-24 03:15 – Updated: 2026-05-26 14:23
    Title
    NousResearch hermes-agent read_file Tool file_tools.py _is_blocked_device path traversal
    Summary
    A security flaw has been discovered in NousResearch hermes-agent up to 2026.4.16. This vulnerability affects the function _is_blocked_device of the file tools/file_tools.py of the component read_file Tool. Performing a manipulation results in path traversal. The attack may be initiated remotely. The exploit has been released to the public and may be used for attacks. The vendor was contacted early about this disclosure but did not respond in any way.
    SSVC
    Exploitation: poc Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    URL Tags
    https://vuldb.com/vuln/365314 vdb-entry, technical-description
    https://vuldb.com/vuln/365314/cti signature, permissions-required
    https://vuldb.com/submit/812214 third-party-advisory
    https://gist.github.com/YLChen-007/1d1aeff404cb88… exploit
    Impacted products
    Vendor Product Version
    NousResearch hermes-agent Affected: 2026.4.0
    Affected: 2026.4.1
    Affected: 2026.4.2
    Affected: 2026.4.3
    Affected: 2026.4.4
    Affected: 2026.4.5
    Affected: 2026.4.6
    Affected: 2026.4.7
    Affected: 2026.4.8
    Affected: 2026.4.9
    Affected: 2026.4.10
    Affected: 2026.4.11
    Affected: 2026.4.12
    Affected: 2026.4.13
    Affected: 2026.4.14
    Affected: 2026.4.15
    Affected: 2026.4.16
        cpe:2.3:a:nousresearch:hermes-agent:*:*:*:*:*:*:*:*
    Credits
    Eric-h (VulDB User) VulDB CNA Team

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-9351",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-05-26T14:21:35.844062Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-05-26T14:23:16.482Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "cpes": [
                "cpe:2.3:a:nousresearch:hermes-agent:*:*:*:*:*:*:*:*"
              ],
              "modules": [
                "read_file Tool"
              ],
              "product": "hermes-agent",
              "vendor": "NousResearch",
              "versions": [
                {
                  "status": "affected",
                  "version": "2026.4.0"
                },
                {
                  "status": "affected",
                  "version": "2026.4.1"
                },
                {
                  "status": "affected",
                  "version": "2026.4.2"
                },
                {
                  "status": "affected",
                  "version": "2026.4.3"
                },
                {
                  "status": "affected",
                  "version": "2026.4.4"
                },
                {
                  "status": "affected",
                  "version": "2026.4.5"
                },
                {
                  "status": "affected",
                  "version": "2026.4.6"
                },
                {
                  "status": "affected",
                  "version": "2026.4.7"
                },
                {
                  "status": "affected",
                  "version": "2026.4.8"
                },
                {
                  "status": "affected",
                  "version": "2026.4.9"
                },
                {
                  "status": "affected",
                  "version": "2026.4.10"
                },
                {
                  "status": "affected",
                  "version": "2026.4.11"
                },
                {
                  "status": "affected",
                  "version": "2026.4.12"
                },
                {
                  "status": "affected",
                  "version": "2026.4.13"
                },
                {
                  "status": "affected",
                  "version": "2026.4.14"
                },
                {
                  "status": "affected",
                  "version": "2026.4.15"
                },
                {
                  "status": "affected",
                  "version": "2026.4.16"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "value": "Eric-h (VulDB User)"
            },
            {
              "lang": "en",
              "type": "coordinator",
              "value": "VulDB CNA Team"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A security flaw has been discovered in NousResearch hermes-agent up to 2026.4.16. This vulnerability affects the function _is_blocked_device of the file tools/file_tools.py of the component read_file Tool. Performing a manipulation results in path traversal. The attack may be initiated remotely. The exploit has been released to the public and may be used for attacks. The vendor was contacted early about this disclosure but did not respond in any way."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "baseScore": 6.9,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N/E:P",
                "version": "4.0"
              }
            },
            {
              "cvssV3_1": {
                "baseScore": 6.5,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L/E:P/RL:X/RC:R",
                "version": "3.1"
              }
            },
            {
              "cvssV3_0": {
                "baseScore": 6.5,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L/E:P/RL:X/RC:R",
                "version": "3.0"
              }
            },
            {
              "cvssV2_0": {
                "baseScore": 6.4,
                "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:P/E:POC/RL:ND/RC:UR",
                "version": "2.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-22",
                  "description": "Path Traversal",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-05-24T03:15:10.604Z",
            "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
            "shortName": "VulDB"
          },
          "references": [
            {
              "name": "VDB-365314 | NousResearch hermes-agent read_file Tool file_tools.py _is_blocked_device path traversal",
              "tags": [
                "vdb-entry",
                "technical-description"
              ],
              "url": "https://vuldb.com/vuln/365314"
            },
            {
              "name": "VDB-365314 | CTI Indicators (IOB, IOC, TTP, IOA)",
              "tags": [
                "signature",
                "permissions-required"
              ],
              "url": "https://vuldb.com/vuln/365314/cti"
            },
            {
              "name": "Submit #812214 | NousResearch hermes-agent 2026.4.16 Path Traversal (CWE-22)",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/submit/812214"
            },
            {
              "tags": [
                "exploit"
              ],
              "url": "https://gist.github.com/YLChen-007/1d1aeff404cb88e06ec2fb3377f49fef"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2026-05-23T00:00:00.000Z",
              "value": "Advisory disclosed"
            },
            {
              "lang": "en",
              "time": "2026-05-23T02:00:00.000Z",
              "value": "VulDB entry created"
            },
            {
              "lang": "en",
              "time": "2026-05-23T11:24:49.000Z",
              "value": "VulDB entry last update"
            }
          ],
          "title": "NousResearch hermes-agent read_file Tool file_tools.py _is_blocked_device path traversal"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "assignerShortName": "VulDB",
        "cveId": "CVE-2026-9351",
        "datePublished": "2026-05-24T03:15:10.604Z",
        "dateReserved": "2026-05-23T09:19:32.925Z",
        "dateUpdated": "2026-05-26T14:23:16.482Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-9350 (GCVE-0-2026-9350)

    Vulnerability from cvelistv5 – Published: 2026-05-24 02:45 – Updated: 2026-05-26 17:48
    Title
    NousResearch hermes-agent Batch Runner approval.py check_all_command_guards authorization
    Summary
    A vulnerability was identified in NousResearch hermes-agent up to 2026.4.16. This affects the function check_all_command_guards of the file tools/approval.py of the component Batch Runner. Such manipulation leads to missing authorization. The attack can be launched remotely. The exploit is publicly available and might be used. The vendor was contacted early about this disclosure but did not respond in any way.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    URL Tags
    https://vuldb.com/vuln/365313 vdb-entry, technical-description
    https://vuldb.com/vuln/365313/cti signature, permissions-required
    https://vuldb.com/submit/812213 third-party-advisory
    https://gist.github.com/YLChen-007/22cada4c9060f5… exploit
    Impacted products
    Vendor Product Version
    NousResearch hermes-agent Affected: 2026.4.0
    Affected: 2026.4.1
    Affected: 2026.4.2
    Affected: 2026.4.3
    Affected: 2026.4.4
    Affected: 2026.4.5
    Affected: 2026.4.6
    Affected: 2026.4.7
    Affected: 2026.4.8
    Affected: 2026.4.9
    Affected: 2026.4.10
    Affected: 2026.4.11
    Affected: 2026.4.12
    Affected: 2026.4.13
    Affected: 2026.4.14
    Affected: 2026.4.15
    Affected: 2026.4.16
        cpe:2.3:a:nousresearch:hermes-agent:*:*:*:*:*:*:*:*
    Credits
    Eric-h (VulDB User) VulDB CNA Team

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-9350",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-05-26T17:47:52.773882Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-05-26T17:48:19.460Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "cpes": [
                "cpe:2.3:a:nousresearch:hermes-agent:*:*:*:*:*:*:*:*"
              ],
              "modules": [
                "Batch Runner"
              ],
              "product": "hermes-agent",
              "vendor": "NousResearch",
              "versions": [
                {
                  "status": "affected",
                  "version": "2026.4.0"
                },
                {
                  "status": "affected",
                  "version": "2026.4.1"
                },
                {
                  "status": "affected",
                  "version": "2026.4.2"
                },
                {
                  "status": "affected",
                  "version": "2026.4.3"
                },
                {
                  "status": "affected",
                  "version": "2026.4.4"
                },
                {
                  "status": "affected",
                  "version": "2026.4.5"
                },
                {
                  "status": "affected",
                  "version": "2026.4.6"
                },
                {
                  "status": "affected",
                  "version": "2026.4.7"
                },
                {
                  "status": "affected",
                  "version": "2026.4.8"
                },
                {
                  "status": "affected",
                  "version": "2026.4.9"
                },
                {
                  "status": "affected",
                  "version": "2026.4.10"
                },
                {
                  "status": "affected",
                  "version": "2026.4.11"
                },
                {
                  "status": "affected",
                  "version": "2026.4.12"
                },
                {
                  "status": "affected",
                  "version": "2026.4.13"
                },
                {
                  "status": "affected",
                  "version": "2026.4.14"
                },
                {
                  "status": "affected",
                  "version": "2026.4.15"
                },
                {
                  "status": "affected",
                  "version": "2026.4.16"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "value": "Eric-h (VulDB User)"
            },
            {
              "lang": "en",
              "type": "coordinator",
              "value": "VulDB CNA Team"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability was identified in NousResearch hermes-agent up to 2026.4.16. This affects the function check_all_command_guards of the file tools/approval.py of the component Batch Runner. Such manipulation leads to missing authorization. The attack can be launched remotely. The exploit is publicly available and might be used. The vendor was contacted early about this disclosure but did not respond in any way."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "baseScore": 6.9,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P",
                "version": "4.0"
              }
            },
            {
              "cvssV3_1": {
                "baseScore": 7.3,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
                "version": "3.1"
              }
            },
            {
              "cvssV3_0": {
                "baseScore": 7.3,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
                "version": "3.0"
              }
            },
            {
              "cvssV2_0": {
                "baseScore": 7.5,
                "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P/E:POC/RL:ND/RC:UR",
                "version": "2.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-862",
                  "description": "Missing Authorization",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            },
            {
              "descriptions": [
                {
                  "cweId": "CWE-863",
                  "description": "Incorrect Authorization",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-05-24T02:45:10.330Z",
            "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
            "shortName": "VulDB"
          },
          "references": [
            {
              "name": "VDB-365313 | NousResearch hermes-agent Batch Runner approval.py check_all_command_guards authorization",
              "tags": [
                "vdb-entry",
                "technical-description"
              ],
              "url": "https://vuldb.com/vuln/365313"
            },
            {
              "name": "VDB-365313 | CTI Indicators (IOB, IOC, IOA)",
              "tags": [
                "signature",
                "permissions-required"
              ],
              "url": "https://vuldb.com/vuln/365313/cti"
            },
            {
              "name": "Submit #812213 | NousResearch hermes-agent 2026.4.16 Missing Authorization (CWE-862)",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/submit/812213"
            },
            {
              "tags": [
                "exploit"
              ],
              "url": "https://gist.github.com/YLChen-007/22cada4c9060f5123dde6185135ae3ab"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2026-05-23T00:00:00.000Z",
              "value": "Advisory disclosed"
            },
            {
              "lang": "en",
              "time": "2026-05-23T02:00:00.000Z",
              "value": "VulDB entry created"
            },
            {
              "lang": "en",
              "time": "2026-05-23T11:24:46.000Z",
              "value": "VulDB entry last update"
            }
          ],
          "title": "NousResearch hermes-agent Batch Runner approval.py check_all_command_guards authorization"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "assignerShortName": "VulDB",
        "cveId": "CVE-2026-9350",
        "datePublished": "2026-05-24T02:45:10.330Z",
        "dateReserved": "2026-05-23T09:19:30.069Z",
        "dateUpdated": "2026-05-26T17:48:19.460Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-7397 (GCVE-0-2026-7397)

    Vulnerability from cvelistv5 – Published: 2026-04-29 18:00 – Updated: 2026-04-30 12:47 X_Open Source
    Title
    NousResearch hermes-agent file_tools.py _check_sensitive_path symlink
    Summary
    A security flaw has been discovered in NousResearch hermes-agent 0.8.0. This affects the function _check_sensitive_path of the file tools/file_tools.py. The manipulation results in symlink following. Attacking locally is a requirement. The exploit has been released to the public and may be used for attacks. Upgrading to version 0.9.0 is able to mitigate this issue. The patch is identified as 311dac197145e19e07df68feba2cd55d896a3cd1. Upgrading the affected component is recommended.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    Impacted products
    Vendor Product Version
    NousResearch hermes-agent Affected: 0.8.0
    Unaffected: 0.9.0
    Credits
    Yu_Bao (VulDB User)

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-7397",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-04-30T12:46:44.355384Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-04-30T12:47:09.658Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "hermes-agent",
              "vendor": "NousResearch",
              "versions": [
                {
                  "status": "affected",
                  "version": "0.8.0"
                },
                {
                  "status": "unaffected",
                  "version": "0.9.0"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "value": "Yu_Bao (VulDB User)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A security flaw has been discovered in NousResearch hermes-agent 0.8.0. This affects the function _check_sensitive_path of the file tools/file_tools.py. The manipulation results in symlink following. Attacking locally is a requirement. The exploit has been released to the public and may be used for attacks. Upgrading to version 0.9.0 is able to mitigate this issue. The patch is identified as 311dac197145e19e07df68feba2cd55d896a3cd1. Upgrading the affected component is recommended."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "baseScore": 4.8,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N/E:P",
                "version": "4.0"
              }
            },
            {
              "cvssV3_1": {
                "baseScore": 4.4,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L/E:P/RL:O/RC:C",
                "version": "3.1"
              }
            },
            {
              "cvssV3_0": {
                "baseScore": 4.4,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L/E:P/RL:O/RC:C",
                "version": "3.0"
              }
            },
            {
              "cvssV2_0": {
                "baseScore": 3.2,
                "vectorString": "AV:L/AC:L/Au:S/C:N/I:P/A:P/E:POC/RL:OF/RC:C",
                "version": "2.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-61",
                  "description": "Symlink Following",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            },
            {
              "descriptions": [
                {
                  "cweId": "CWE-59",
                  "description": "Link Following",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-04-29T18:00:21.731Z",
            "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
            "shortName": "VulDB"
          },
          "references": [
            {
              "name": "VDB-360121 | NousResearch hermes-agent file_tools.py _check_sensitive_path symlink",
              "tags": [
                "vdb-entry",
                "technical-description"
              ],
              "url": "https://vuldb.com/vuln/360121"
            },
            {
              "name": "VDB-360121 | CTI Indicators (IOB, IOC, IOA)",
              "tags": [
                "signature",
                "permissions-required"
              ],
              "url": "https://vuldb.com/vuln/360121/cti"
            },
            {
              "name": "Submit #803270 | NousResearch hermes-agent 0.8.0 Path Write Protection Bypass",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/submit/803270"
            },
            {
              "tags": [
                "exploit",
                "issue-tracking"
              ],
              "url": "https://github.com/NousResearch/hermes-agent/issues/8734"
            },
            {
              "tags": [
                "issue-tracking",
                "patch"
              ],
              "url": "https://github.com/NousResearch/hermes-agent/pull/8829"
            },
            {
              "tags": [
                "patch"
              ],
              "url": "https://github.com/NousResearch/hermes-agent/commit/311dac197145e19e07df68feba2cd55d896a3cd1"
            },
            {
              "tags": [
                "patch"
              ],
              "url": "https://github.com/NousResearch/hermes-agent/releases/tag/v2026.4.13"
            },
            {
              "tags": [
                "product"
              ],
              "url": "https://github.com/NousResearch/hermes-agent/"
            }
          ],
          "tags": [
            "x_open-source"
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2026-04-29T00:00:00.000Z",
              "value": "Advisory disclosed"
            },
            {
              "lang": "en",
              "time": "2026-04-29T02:00:00.000Z",
              "value": "VulDB entry created"
            },
            {
              "lang": "en",
              "time": "2026-04-29T12:49:26.000Z",
              "value": "VulDB entry last update"
            }
          ],
          "title": "NousResearch hermes-agent file_tools.py _check_sensitive_path symlink"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "assignerShortName": "VulDB",
        "cveId": "CVE-2026-7397",
        "datePublished": "2026-04-29T18:00:21.731Z",
        "dateReserved": "2026-04-29T10:44:13.710Z",
        "dateUpdated": "2026-04-30T12:47:09.658Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-7396 (GCVE-0-2026-7396)

    Vulnerability from cvelistv5 – Published: 2026-04-29 17:30 – Updated: 2026-04-29 19:28
    Title
    NousResearch hermes-agent WeChat Work Platform Adapter wecom.py path traversal
    Summary
    A vulnerability was identified in NousResearch hermes-agent 0.8.0. Affected by this issue is some unknown functionality of the file gateway/platforms/wecom.py of the component WeChat Work Platform Adapter. The manipulation leads to path traversal. It is possible to initiate the attack remotely. The exploit is publicly available and might be used.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    Impacted products
    Credits
    Yu_Bao (VulDB User)

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-7396",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-04-29T19:28:24.587789Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-04-29T19:28:34.807Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "modules": [
                "WeChat Work Platform Adapter"
              ],
              "product": "hermes-agent",
              "vendor": "NousResearch",
              "versions": [
                {
                  "status": "affected",
                  "version": "0.8.0"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "value": "Yu_Bao (VulDB User)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability was identified in NousResearch hermes-agent 0.8.0. Affected by this issue is some unknown functionality of the file gateway/platforms/wecom.py of the component WeChat Work Platform Adapter. The manipulation leads to path traversal. It is possible to initiate the attack remotely. The exploit is publicly available and might be used."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "baseScore": 6.9,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P",
                "version": "4.0"
              }
            },
            {
              "cvssV3_1": {
                "baseScore": 5.3,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:P/RL:X/RC:R",
                "version": "3.1"
              }
            },
            {
              "cvssV3_0": {
                "baseScore": 5.3,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:P/RL:X/RC:R",
                "version": "3.0"
              }
            },
            {
              "cvssV2_0": {
                "baseScore": 5,
                "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N/E:POC/RL:ND/RC:UR",
                "version": "2.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-22",
                  "description": "Path Traversal",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-04-29T17:30:15.387Z",
            "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
            "shortName": "VulDB"
          },
          "references": [
            {
              "name": "VDB-360120 | NousResearch hermes-agent WeChat Work Platform Adapter wecom.py path traversal",
              "tags": [
                "vdb-entry"
              ],
              "url": "https://vuldb.com/vuln/360120"
            },
            {
              "name": "VDB-360120 | CTI Indicators (IOB, IOC, TTP, IOA)",
              "tags": [
                "signature",
                "permissions-required"
              ],
              "url": "https://vuldb.com/vuln/360120/cti"
            },
            {
              "name": "Submit #803269 | NousResearch hermes-agent 0.8.0 Arbitrary File Read",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/submit/803269"
            },
            {
              "tags": [
                "exploit",
                "issue-tracking"
              ],
              "url": "https://github.com/NousResearch/hermes-agent/issues/8733"
            },
            {
              "tags": [
                "issue-tracking"
              ],
              "url": "https://github.com/bugmaker2/hermes-agent/issues/29"
            },
            {
              "tags": [
                "product"
              ],
              "url": "https://github.com/NousResearch/hermes-agent/"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2026-04-29T00:00:00.000Z",
              "value": "Advisory disclosed"
            },
            {
              "lang": "en",
              "time": "2026-04-29T02:00:00.000Z",
              "value": "VulDB entry created"
            },
            {
              "lang": "en",
              "time": "2026-04-29T12:49:23.000Z",
              "value": "VulDB entry last update"
            }
          ],
          "title": "NousResearch hermes-agent WeChat Work Platform Adapter wecom.py path traversal"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "assignerShortName": "VulDB",
        "cveId": "CVE-2026-7396",
        "datePublished": "2026-04-29T17:30:15.387Z",
        "dateReserved": "2026-04-29T10:44:06.942Z",
        "dateUpdated": "2026-04-29T19:28:34.807Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-7113 (GCVE-0-2026-7113)

    Vulnerability from cvelistv5 – Published: 2026-04-27 10:00 – Updated: 2026-04-27 13:29
    Title
    NousResearch hermes-agent Webhooks Endpoint webhook.py missing authentication
    Summary
    A vulnerability was found in NousResearch hermes-agent 0.8.0. It affects unspecified functionality in the file gateway/platforms/webhook.py of the Webhooks Endpoint component. Manipulating the argument _INSECURE_NO_AUTH results in missing authentication. The attack can be launched remotely, but its complexity is high and exploitation is known to be difficult. An exploit has been made public and could be used. The project was informed of the problem early through a pull request but has not reacted yet.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    Impacted products
    Credits
    Yu-Bao (VulDB User) VulDB CNA Team

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-7113",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-04-27T13:09:41.231194Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-04-27T13:29:05.408Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "modules": [
                "Webhooks Endpoint"
              ],
              "product": "hermes-agent",
              "vendor": "NousResearch",
              "versions": [
                {
                  "status": "affected",
                  "version": "0.8.0"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "value": "Yu-Bao (VulDB User)"
            },
            {
              "lang": "en",
              "type": "coordinator",
              "value": "VulDB CNA Team"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability was found in NousResearch hermes-agent 0.8.0. Affected by this issue is some unknown functionality of the file gateway/platforms/webhook.py of the component Webhooks Endpoint. The manipulation of the argument _INSECURE_NO_AUTH results in missing authentication. The attack can be launched remotely. A high complexity level is associated with this attack. The exploitation is known to be difficult. The exploit has been made public and could be used. The project was informed of the problem early through a pull request but has not reacted yet."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "baseScore": 6.3,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P",
                "version": "4.0"
              }
            },
            {
              "cvssV3_1": {
                "baseScore": 5.6,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
                "version": "3.1"
              }
            },
            {
              "cvssV3_0": {
                "baseScore": 5.6,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
                "version": "3.0"
              }
            },
            {
              "cvssV2_0": {
                "baseScore": 5.1,
                "vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:P/E:POC/RL:ND/RC:UR",
                "version": "2.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-306",
                  "description": "Missing Authentication",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            },
            {
              "descriptions": [
                {
                  "cweId": "CWE-287",
                  "description": "Improper Authentication",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-04-27T10:00:17.997Z",
            "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
            "shortName": "VulDB"
          },
          "references": [
            {
              "name": "VDB-359713 | NousResearch hermes-agent Webhooks Endpoint webhook.py missing authentication",
              "tags": [
                "vdb-entry",
                "technical-description"
              ],
              "url": "https://vuldb.com/vuln/359713"
            },
            {
              "name": "VDB-359713 | CTI Indicators (IOB, IOC, IOA)",
              "tags": [
                "signature",
                "permissions-required"
              ],
              "url": "https://vuldb.com/vuln/359713/cti"
            },
            {
              "name": "Submit #800802 | NousResearch hermes-agent 0.8.0 Unauthenticated Remote Code Execution Webhook",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/submit/800802"
            },
            {
              "tags": [
                "exploit",
                "issue-tracking"
              ],
              "url": "https://github.com/NousResearch/hermes-agent/issues/6440"
            },
            {
              "tags": [
                "issue-tracking",
                "patch"
              ],
              "url": "https://github.com/NousResearch/hermes-agent/pull/6445"
            },
            {
              "tags": [
                "product"
              ],
              "url": "https://github.com/NousResearch/hermes-agent/"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2026-04-26T00:00:00.000Z",
              "value": "Advisory disclosed"
            },
            {
              "lang": "en",
              "time": "2026-04-26T02:00:00.000Z",
              "value": "VulDB entry created"
            },
            {
              "lang": "en",
              "time": "2026-04-26T18:00:08.000Z",
              "value": "VulDB entry last update"
            }
          ],
          "title": "NousResearch hermes-agent Webhooks Endpoint webhook.py missing authentication"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "assignerShortName": "VulDB",
        "cveId": "CVE-2026-7113",
        "datePublished": "2026-04-27T10:00:17.997Z",
        "dateReserved": "2026-04-26T15:54:52.370Z",
        "dateUpdated": "2026-04-27T13:29:05.408Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-7112 (GCVE-0-2026-7112)

    Vulnerability from cvelistv5 – Published: 2026-04-27 09:45 – Updated: 2026-04-27 12:21
    Title
    NousResearch hermes-agent API_SERVER_KEY api_server.py _check_auth improper authentication
    Summary
    A vulnerability has been found in NousResearch hermes-agent 0.8.0. It affects the function _check_auth in the file gateway/platforms/api_server.py of the API_SERVER_KEY Handler component. Manipulation leads to improper authentication. The attack can be initiated remotely, but its complexity is rather high and exploitation appears to be difficult. An exploit has been disclosed to the public and may be used. The project was informed of the problem early through a pull request but has not reacted yet.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-287 - Improper Authentication
    Assigner
    References
    Impacted products
    Credits
    Yu-Bao (VulDB User) VulDB CNA Team

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-7112",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-04-27T12:21:19.774754Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-04-27T12:21:26.650Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "modules": [
                "API_SERVER_KEY Handler"
              ],
              "product": "hermes-agent",
              "vendor": "NousResearch",
              "versions": [
                {
                  "status": "affected",
                  "version": "0.8.0"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "value": "Yu-Bao (VulDB User)"
            },
            {
              "lang": "en",
              "type": "coordinator",
              "value": "VulDB CNA Team"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability has been found in NousResearch hermes-agent 0.8.0. Affected by this vulnerability is the function _check_auth of the file gateway/platforms/api_server.py of the component API_SERVER_KEY Handler. The manipulation leads to improper authentication. The attack can be initiated remotely. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used. The project was informed of the problem early through a pull request but has not reacted yet."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "baseScore": 6.3,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P",
                "version": "4.0"
              }
            },
            {
              "cvssV3_1": {
                "baseScore": 5.6,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
                "version": "3.1"
              }
            },
            {
              "cvssV3_0": {
                "baseScore": 5.6,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
                "version": "3.0"
              }
            },
            {
              "cvssV2_0": {
                "baseScore": 5.1,
                "vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:P/E:POC/RL:ND/RC:UR",
                "version": "2.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-287",
                  "description": "Improper Authentication",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-04-27T09:45:11.517Z",
            "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
            "shortName": "VulDB"
          },
          "references": [
            {
              "name": "VDB-359712 | NousResearch hermes-agent API_SERVER_KEY api_server.py _check_auth improper authentication",
              "tags": [
                "vdb-entry",
                "technical-description"
              ],
              "url": "https://vuldb.com/vuln/359712"
            },
            {
              "name": "VDB-359712 | CTI Indicators (IOB, IOC, IOA)",
              "tags": [
                "signature",
                "permissions-required"
              ],
              "url": "https://vuldb.com/vuln/359712/cti"
            },
            {
              "name": "Submit #800800 | NousResearch hermes-agent 0.8.0 Unauthenticated Remote Code Execution",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/submit/800800"
            },
            {
              "tags": [
                "exploit",
                "issue-tracking"
              ],
              "url": "https://github.com/NousResearch/hermes-agent/issues/6439"
            },
            {
              "tags": [
                "issue-tracking",
                "patch"
              ],
              "url": "https://github.com/NousResearch/hermes-agent/pull/6477"
            },
            {
              "tags": [
                "product"
              ],
              "url": "https://github.com/NousResearch/hermes-agent/"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2026-04-26T00:00:00.000Z",
              "value": "Advisory disclosed"
            },
            {
              "lang": "en",
              "time": "2026-04-26T02:00:00.000Z",
              "value": "VulDB entry created"
            },
            {
              "lang": "en",
              "time": "2026-04-26T18:00:04.000Z",
              "value": "VulDB entry last update"
            }
          ],
          "title": "NousResearch hermes-agent API_SERVER_KEY api_server.py _check_auth improper authentication"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "assignerShortName": "VulDB",
        "cveId": "CVE-2026-7112",
        "datePublished": "2026-04-27T09:45:11.517Z",
        "dateReserved": "2026-04-26T15:54:42.744Z",
        "dateUpdated": "2026-04-27T12:21:26.650Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }