Search

Find a vulnerability

Search criteria

    58 vulnerabilities by NousResearch

    CVE-2026-15311 (GCVE-0-2026-15311)

    Vulnerability from nvd – Published: 2026-07-09 23:45 – Updated: 2026-07-10 14:12
    VLAI
    Title
    NousResearch hermes-agent Matrix Adapter matrix.py MatrixAdapter._markdown_to_html cross site scripting
    Summary
    A vulnerability was identified in NousResearch hermes-agent up to 2026.5.29.2. Affected by this issue is the function MatrixAdapter._markdown_to_html of the file gateway/platforms/matrix.py of the component Matrix Adapter. Such manipulation leads to cross site scripting. The attack can be executed remotely. The exploit is publicly available and might be used. The pull request to fix this issue awaits acceptance.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    Impacted products
    Vendor Product Version
    NousResearch hermes-agent Affected: 2026.5.29.0
    Affected: 2026.5.29.1
    Affected: 2026.5.29.2
        cpe:2.3:a:nousresearch:hermes-agent:*:*:*:*:*:*:*:*
    Create a notification for this product.
    Credits
    Eric-d (VulDB User) VulDB CNA Team
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-15311",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-10T14:12:35.059940Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-10T14:12:45.061Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "cpes": [
                "cpe:2.3:a:nousresearch:hermes-agent:*:*:*:*:*:*:*:*"
              ],
              "modules": [
                "Matrix Adapter"
              ],
              "product": "hermes-agent",
              "vendor": "NousResearch",
              "versions": [
                {
                  "status": "affected",
                  "version": "2026.5.29.0"
                },
                {
                  "status": "affected",
                  "version": "2026.5.29.1"
                },
                {
                  "status": "affected",
                  "version": "2026.5.29.2"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "value": "Eric-d (VulDB User)"
            },
            {
              "lang": "en",
              "type": "coordinator",
              "value": "VulDB CNA Team"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability was identified in NousResearch hermes-agent up to 2026.5.29.2. Affected by this issue is the function MatrixAdapter._markdown_to_html of the file gateway/platforms/matrix.py of the component Matrix Adapter. Such manipulation leads to cross site scripting. The attack can be executed remotely. The exploit is publicly available and might be used. The pull request to fix this issue awaits acceptance."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "baseScore": 5.1,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P",
                "version": "4.0"
              }
            },
            {
              "cvssV3_1": {
                "baseScore": 3.5,
                "baseSeverity": "LOW",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N/E:P/RL:X/RC:C",
                "version": "3.1"
              }
            },
            {
              "cvssV3_0": {
                "baseScore": 3.5,
                "baseSeverity": "LOW",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N/E:P/RL:X/RC:C",
                "version": "3.0"
              }
            },
            {
              "cvssV2_0": {
                "baseScore": 4,
                "vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N/E:POC/RL:ND/RC:C",
                "version": "2.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-79",
                  "description": "Cross Site Scripting",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            },
            {
              "descriptions": [
                {
                  "cweId": "CWE-94",
                  "description": "Code Injection",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-09T23:45:10.318Z",
            "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
            "shortName": "VulDB"
          },
          "references": [
            {
              "name": "VDB-377247 | NousResearch hermes-agent Matrix Adapter matrix.py MatrixAdapter._markdown_to_html cross site scripting",
              "tags": [
                "vdb-entry",
                "technical-description"
              ],
              "url": "https://vuldb.com/vuln/377247"
            },
            {
              "name": "VDB-377247 | CTI Indicators (IOB, IOC, TTP, IOA)",
              "tags": [
                "signature",
                "permissions-required"
              ],
              "url": "https://vuldb.com/vuln/377247/cti"
            },
            {
              "name": "CVE-2026-15311 | CVE Analysis and Report",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/cve/CVE-2026-15311"
            },
            {
              "name": "Submit #852843 | NousResearch hermes-agent 2026.5.29.2 Cross-site Scripting (CWE-79)",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/submit/852843"
            },
            {
              "tags": [
                "exploit",
                "issue-tracking"
              ],
              "url": "https://github.com/NousResearch/hermes-agent/issues/42667"
            },
            {
              "tags": [
                "issue-tracking",
                "patch"
              ],
              "url": "https://github.com/NousResearch/hermes-agent/pull/42759"
            },
            {
              "tags": [
                "product"
              ],
              "url": "https://github.com/NousResearch/hermes-agent/"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2026-07-09T00:00:00.000Z",
              "value": "Advisory disclosed"
            },
            {
              "lang": "en",
              "time": "2026-07-09T02:00:00.000Z",
              "value": "VulDB entry created"
            },
            {
              "lang": "en",
              "time": "2026-07-09T19:54:35.000Z",
              "value": "VulDB entry last update"
            }
          ],
          "title": "NousResearch hermes-agent Matrix Adapter matrix.py MatrixAdapter._markdown_to_html cross site scripting"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "assignerShortName": "VulDB",
        "cveId": "CVE-2026-15311",
        "datePublished": "2026-07-09T23:45:10.318Z",
        "dateReserved": "2026-07-09T17:49:30.256Z",
        "dateUpdated": "2026-07-10T14:12:45.061Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-14783 (GCVE-0-2026-14783)

    Vulnerability from nvd – Published: 2026-07-05 23:45 – Updated: 2026-07-06 17:39 X_Open Source
    VLAI
    Title
    NousResearch hermes-agent skills_tool.py skill_view path traversal
    Summary
    A vulnerability was determined in NousResearch hermes-agent 2026.5.29.2. The impacted element is the function skill_view of the file tools/skills_tool.py. Executing a manipulation of the argument Name can lead to path traversal. The attack can be launched remotely. The exploit has been publicly disclosed and may be utilized. This patch is called 56f833efa427ccb444c0f9ad1759af1012f2124d. It is advisable to implement a patch to correct this issue.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    Impacted products
    Vendor Product Version
    NousResearch hermes-agent Affected: 2026.5.29.2
        cpe:2.3:a:nousresearch:hermes-agent:*:*:*:*:*:*:*:*
    Create a notification for this product.
    Credits
    Eric-y (VulDB User)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-14783",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-06T17:39:52.184423Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-06T17:39:58.056Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "references": [
              {
                "tags": [
                  "exploit"
                ],
                "url": "https://vuldb.com/submit/847502"
              }
            ],
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "cpes": [
                "cpe:2.3:a:nousresearch:hermes-agent:*:*:*:*:*:*:*:*"
              ],
              "product": "hermes-agent",
              "vendor": "NousResearch",
              "versions": [
                {
                  "status": "affected",
                  "version": "2026.5.29.2"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "value": "Eric-y (VulDB User)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability was determined in NousResearch hermes-agent 2026.5.29.2. The impacted element is the function skill_view of the file tools/skills_tool.py. Executing a manipulation of the argument Name can lead to path traversal. The attack can be launched remotely. The exploit has been publicly disclosed and may be utilized. This patch is called 56f833efa427ccb444c0f9ad1759af1012f2124d. It is advisable to implement a patch to correct this issue."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "baseScore": 5.3,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P",
                "version": "4.0"
              }
            },
            {
              "cvssV3_1": {
                "baseScore": 4.3,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C",
                "version": "3.1"
              }
            },
            {
              "cvssV3_0": {
                "baseScore": 4.3,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C",
                "version": "3.0"
              }
            },
            {
              "cvssV2_0": {
                "baseScore": 4,
                "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N/E:POC/RL:OF/RC:C",
                "version": "2.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-22",
                  "description": "Path Traversal",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-05T23:45:10.833Z",
            "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
            "shortName": "VulDB"
          },
          "references": [
            {
              "name": "VDB-376373 | NousResearch hermes-agent skills_tool.py skill_view path traversal",
              "tags": [
                "vdb-entry",
                "technical-description"
              ],
              "url": "https://vuldb.com/vuln/376373"
            },
            {
              "name": "VDB-376373 | CTI Indicators (IOB, IOC, TTP, IOA)",
              "tags": [
                "signature",
                "permissions-required"
              ],
              "url": "https://vuldb.com/vuln/376373/cti"
            },
            {
              "name": "CVE-2026-14783 | CVE Analysis and Report",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/cve/CVE-2026-14783"
            },
            {
              "name": "Submit #847502 | NousResearch hermes-agent 2026.5.29.2 Improper Limitation of a Pathname to a Restricted Directory (Path Traversal) (CWE-22)",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/submit/847502"
            },
            {
              "tags": [
                "exploit",
                "issue-tracking"
              ],
              "url": "https://github.com/NousResearch/hermes-agent/issues/38643"
            },
            {
              "tags": [
                "issue-tracking",
                "patch"
              ],
              "url": "https://github.com/NousResearch/hermes-agent/pull/40566"
            },
            {
              "tags": [
                "patch"
              ],
              "url": "https://github.com/NousResearch/hermes-agent/commit/56f833efa427ccb444c0f9ad1759af1012f2124d"
            },
            {
              "tags": [
                "product"
              ],
              "url": "https://github.com/NousResearch/hermes-agent/"
            }
          ],
          "tags": [
            "x_open-source"
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2026-07-05T00:00:00.000Z",
              "value": "Advisory disclosed"
            },
            {
              "lang": "en",
              "time": "2026-07-05T02:00:00.000Z",
              "value": "VulDB entry created"
            },
            {
              "lang": "en",
              "time": "2026-07-05T16:05:43.000Z",
              "value": "VulDB entry last update"
            }
          ],
          "title": "NousResearch hermes-agent skills_tool.py skill_view path traversal"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "assignerShortName": "VulDB",
        "cveId": "CVE-2026-14783",
        "datePublished": "2026-07-05T23:45:10.833Z",
        "dateReserved": "2026-07-05T14:00:38.992Z",
        "dateUpdated": "2026-07-06T17:39:58.056Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-14628 (GCVE-0-2026-14628)

    Vulnerability from nvd – Published: 2026-07-04 13:00 – Updated: 2026-07-06 16:25
    VLAI
    Title
    NousResearch hermes-agent Live Webhook Endpoint base.py extract_media path traversal
    Summary
    A vulnerability was detected in NousResearch hermes-agent up to 2026.5.16. This impacts the function extract_media of the file gateway/platforms/base.py of the component Live Webhook Endpoint. Performing a manipulation results in path traversal. The attack may be initiated remotely. The exploit is now public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
    SSVC
    Exploitation: poc Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    URL Tags
    https://vuldb.com/vuln/376144 vdb-entrytechnical-description
    https://vuldb.com/vuln/376144/cti signaturepermissions-required
    https://vuldb.com/cve/CVE-2026-14628 third-party-advisory
    https://vuldb.com/submit/845599 third-party-advisory
    https://gist.github.com/YLChen-007/8af7eff27b50be… exploit
    Impacted products
    Vendor Product Version
    NousResearch hermes-agent Affected: 2026.5.0
    Affected: 2026.5.1
    Affected: 2026.5.2
    Affected: 2026.5.3
    Affected: 2026.5.4
    Affected: 2026.5.5
    Affected: 2026.5.6
    Affected: 2026.5.7
    Affected: 2026.5.8
    Affected: 2026.5.9
    Affected: 2026.5.10
    Affected: 2026.5.11
    Affected: 2026.5.12
    Affected: 2026.5.13
    Affected: 2026.5.14
    Affected: 2026.5.15
    Affected: 2026.5.16
        cpe:2.3:a:nousresearch:hermes-agent:*:*:*:*:*:*:*:*
    Create a notification for this product.
    Credits
    Eric-a (VulDB User) VulDB CNA Team
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-14628",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-06T16:25:04.744864Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-06T16:25:15.490Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "cpes": [
                "cpe:2.3:a:nousresearch:hermes-agent:*:*:*:*:*:*:*:*"
              ],
              "modules": [
                "Live Webhook Endpoint"
              ],
              "product": "hermes-agent",
              "vendor": "NousResearch",
              "versions": [
                {
                  "status": "affected",
                  "version": "2026.5.0"
                },
                {
                  "status": "affected",
                  "version": "2026.5.1"
                },
                {
                  "status": "affected",
                  "version": "2026.5.2"
                },
                {
                  "status": "affected",
                  "version": "2026.5.3"
                },
                {
                  "status": "affected",
                  "version": "2026.5.4"
                },
                {
                  "status": "affected",
                  "version": "2026.5.5"
                },
                {
                  "status": "affected",
                  "version": "2026.5.6"
                },
                {
                  "status": "affected",
                  "version": "2026.5.7"
                },
                {
                  "status": "affected",
                  "version": "2026.5.8"
                },
                {
                  "status": "affected",
                  "version": "2026.5.9"
                },
                {
                  "status": "affected",
                  "version": "2026.5.10"
                },
                {
                  "status": "affected",
                  "version": "2026.5.11"
                },
                {
                  "status": "affected",
                  "version": "2026.5.12"
                },
                {
                  "status": "affected",
                  "version": "2026.5.13"
                },
                {
                  "status": "affected",
                  "version": "2026.5.14"
                },
                {
                  "status": "affected",
                  "version": "2026.5.15"
                },
                {
                  "status": "affected",
                  "version": "2026.5.16"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "value": "Eric-a (VulDB User)"
            },
            {
              "lang": "en",
              "type": "coordinator",
              "value": "VulDB CNA Team"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability was detected in NousResearch hermes-agent up to 2026.5.16. This impacts the function extract_media of the file gateway/platforms/base.py of the component Live Webhook Endpoint. Performing a manipulation results in path traversal. The attack may be initiated remotely. The exploit is now public and may be used. The vendor was contacted early about this disclosure but did not respond in any way."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "baseScore": 6.9,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P",
                "version": "4.0"
              }
            },
            {
              "cvssV3_1": {
                "baseScore": 5.3,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:P/RL:X/RC:R",
                "version": "3.1"
              }
            },
            {
              "cvssV3_0": {
                "baseScore": 5.3,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:P/RL:X/RC:R",
                "version": "3.0"
              }
            },
            {
              "cvssV2_0": {
                "baseScore": 5,
                "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N/E:POC/RL:ND/RC:UR",
                "version": "2.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-22",
                  "description": "Path Traversal",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-04T13:00:08.104Z",
            "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
            "shortName": "VulDB"
          },
          "references": [
            {
              "name": "VDB-376144 | NousResearch hermes-agent Live Webhook Endpoint base.py extract_media path traversal",
              "tags": [
                "vdb-entry",
                "technical-description"
              ],
              "url": "https://vuldb.com/vuln/376144"
            },
            {
              "name": "VDB-376144 | CTI Indicators (IOB, IOC, TTP, IOA)",
              "tags": [
                "signature",
                "permissions-required"
              ],
              "url": "https://vuldb.com/vuln/376144/cti"
            },
            {
              "name": "CVE-2026-14628 | CVE Analysis and Report",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/cve/CVE-2026-14628"
            },
            {
              "name": "Submit #845599 | NousResearch Hermes Agent \u003c= v2026.5.16 Path Traversal / Improper Limitation of a Pathname to a Restricted Directory (CWE-22)",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/submit/845599"
            },
            {
              "tags": [
                "exploit"
              ],
              "url": "https://gist.github.com/YLChen-007/8af7eff27b50bec24b2d0f76dd1c4383"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2026-07-03T00:00:00.000Z",
              "value": "Advisory disclosed"
            },
            {
              "lang": "en",
              "time": "2026-07-03T02:00:00.000Z",
              "value": "VulDB entry created"
            },
            {
              "lang": "en",
              "time": "2026-07-03T19:13:07.000Z",
              "value": "VulDB entry last update"
            }
          ],
          "title": "NousResearch hermes-agent Live Webhook Endpoint base.py extract_media path traversal"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "assignerShortName": "VulDB",
        "cveId": "CVE-2026-14628",
        "datePublished": "2026-07-04T13:00:08.104Z",
        "dateReserved": "2026-07-03T17:07:53.319Z",
        "dateUpdated": "2026-07-06T16:25:15.490Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-14627 (GCVE-0-2026-14627)

    Vulnerability from nvd – Published: 2026-07-04 12:45 – Updated: 2026-07-06 16:51
    VLAI
    Title
    NousResearch hermes-agent Discord Platform Integration discord.py DiscordAdapter._is_allowed_user improper authentication
    Summary
    A security vulnerability has been detected in NousResearch hermes-agent up to 0.15.2. This affects the function DiscordAdapter._is_allowed_user of the file gateway/platforms/discord.py of the component Discord Platform Integration. Such manipulation leads to improper authentication. The attack can be launched remotely. This attack is characterized by high complexity. The exploitability is reported as difficult. The exploit has been disclosed publicly and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-287 - Improper Authentication
    Assigner
    References
    URL Tags
    https://vuldb.com/vuln/376143 vdb-entrytechnical-description
    https://vuldb.com/vuln/376143/cti signaturepermissions-required
    https://vuldb.com/cve/CVE-2026-14627 third-party-advisory
    https://vuldb.com/submit/845598 third-party-advisory
    https://gist.github.com/YLChen-007/d030c690b10a97… exploit
    Impacted products
    Vendor Product Version
    NousResearch hermes-agent Affected: 0.15.0
    Affected: 0.15.1
    Affected: 0.15.2
        cpe:2.3:a:nousresearch:hermes-agent:*:*:*:*:*:*:*:*
    Create a notification for this product.
    Credits
    Eric-a (VulDB User) VulDB CNA Team
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-14627",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-06T16:36:18.904042Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-06T16:51:32.667Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "cpes": [
                "cpe:2.3:a:nousresearch:hermes-agent:*:*:*:*:*:*:*:*"
              ],
              "modules": [
                "Discord Platform Integration"
              ],
              "product": "hermes-agent",
              "vendor": "NousResearch",
              "versions": [
                {
                  "status": "affected",
                  "version": "0.15.0"
                },
                {
                  "status": "affected",
                  "version": "0.15.1"
                },
                {
                  "status": "affected",
                  "version": "0.15.2"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "value": "Eric-a (VulDB User)"
            },
            {
              "lang": "en",
              "type": "coordinator",
              "value": "VulDB CNA Team"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A security vulnerability has been detected in NousResearch hermes-agent up to 0.15.2. This affects the function DiscordAdapter._is_allowed_user of the file gateway/platforms/discord.py of the component Discord Platform Integration. Such manipulation leads to improper authentication. The attack can be launched remotely. This attack is characterized by high complexity. The exploitability is reported as difficult. The exploit has been disclosed publicly and may be used. The vendor was contacted early about this disclosure but did not respond in any way."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "baseScore": 6.3,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P",
                "version": "4.0"
              }
            },
            {
              "cvssV3_1": {
                "baseScore": 5.6,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
                "version": "3.1"
              }
            },
            {
              "cvssV3_0": {
                "baseScore": 5.6,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
                "version": "3.0"
              }
            },
            {
              "cvssV2_0": {
                "baseScore": 5.1,
                "vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:P/E:POC/RL:ND/RC:UR",
                "version": "2.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-287",
                  "description": "Improper Authentication",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-04T12:45:06.333Z",
            "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
            "shortName": "VulDB"
          },
          "references": [
            {
              "name": "VDB-376143 | NousResearch hermes-agent Discord Platform Integration discord.py DiscordAdapter._is_allowed_user improper authentication",
              "tags": [
                "vdb-entry",
                "technical-description"
              ],
              "url": "https://vuldb.com/vuln/376143"
            },
            {
              "name": "VDB-376143 | CTI Indicators (IOB, IOC, IOA)",
              "tags": [
                "signature",
                "permissions-required"
              ],
              "url": "https://vuldb.com/vuln/376143/cti"
            },
            {
              "name": "CVE-2026-14627 | CVE Analysis and Report",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/cve/CVE-2026-14627"
            },
            {
              "name": "Submit #845598 | NousResearch Hermes Agent \u003c= 75cbdfd06b Improper Authentication (CWE-287)",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/submit/845598"
            },
            {
              "tags": [
                "exploit"
              ],
              "url": "https://gist.github.com/YLChen-007/d030c690b10a97319efb129ca2f5badb"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2026-07-03T00:00:00.000Z",
              "value": "Advisory disclosed"
            },
            {
              "lang": "en",
              "time": "2026-07-03T02:00:00.000Z",
              "value": "VulDB entry created"
            },
            {
              "lang": "en",
              "time": "2026-07-03T19:13:04.000Z",
              "value": "VulDB entry last update"
            }
          ],
          "title": "NousResearch hermes-agent Discord Platform Integration discord.py DiscordAdapter._is_allowed_user improper authentication"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "assignerShortName": "VulDB",
        "cveId": "CVE-2026-14627",
        "datePublished": "2026-07-04T12:45:06.333Z",
        "dateReserved": "2026-07-03T17:07:50.732Z",
        "dateUpdated": "2026-07-06T16:51:32.667Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-14626 (GCVE-0-2026-14626)

    Vulnerability from nvd – Published: 2026-07-04 12:00 – Updated: 2026-07-07 02:29
    VLAI
    Title
    NousResearch hermes-agent HTTP API run_agent.py AIAgent.run_conversation denial of service
    Summary
    A weakness has been identified in NousResearch hermes-agent up to 2026.4.30. The impacted element is the function AIAgent.run_conversation of the file run_agent.py of the component HTTP API. This manipulation of the argument todos causes denial of service. The attack can be initiated remotely. The exploit has been made available to the public and could be used for attacks. The vendor was contacted early about this disclosure but did not respond in any way.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    URL Tags
    https://vuldb.com/vuln/376142 vdb-entrytechnical-description
    https://vuldb.com/vuln/376142/cti signaturepermissions-required
    https://vuldb.com/cve/CVE-2026-14626 third-party-advisory
    https://vuldb.com/submit/845596 third-party-advisory
    https://gist.github.com/YLChen-007/b91a85f9448bea… exploit
    Impacted products
    Vendor Product Version
    NousResearch hermes-agent Affected: 2026.4.0
    Affected: 2026.4.1
    Affected: 2026.4.2
    Affected: 2026.4.3
    Affected: 2026.4.4
    Affected: 2026.4.5
    Affected: 2026.4.6
    Affected: 2026.4.7
    Affected: 2026.4.8
    Affected: 2026.4.9
    Affected: 2026.4.10
    Affected: 2026.4.11
    Affected: 2026.4.12
    Affected: 2026.4.13
    Affected: 2026.4.14
    Affected: 2026.4.15
    Affected: 2026.4.16
    Affected: 2026.4.17
    Affected: 2026.4.18
    Affected: 2026.4.19
    Affected: 2026.4.20
    Affected: 2026.4.21
    Affected: 2026.4.22
    Affected: 2026.4.23
    Affected: 2026.4.24
    Affected: 2026.4.25
    Affected: 2026.4.26
    Affected: 2026.4.27
    Affected: 2026.4.28
    Affected: 2026.4.29
    Affected: 2026.4.30
        cpe:2.3:a:nousresearch:hermes-agent:*:*:*:*:*:*:*:*
    Create a notification for this product.
    Credits
    Eric-a (VulDB User) VulDB CNA Team
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-14626",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-07T02:29:16.781487Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-07T02:29:27.952Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "cpes": [
                "cpe:2.3:a:nousresearch:hermes-agent:*:*:*:*:*:*:*:*"
              ],
              "modules": [
                "HTTP API"
              ],
              "product": "hermes-agent",
              "vendor": "NousResearch",
              "versions": [
                {
                  "status": "affected",
                  "version": "2026.4.0"
                },
                {
                  "status": "affected",
                  "version": "2026.4.1"
                },
                {
                  "status": "affected",
                  "version": "2026.4.2"
                },
                {
                  "status": "affected",
                  "version": "2026.4.3"
                },
                {
                  "status": "affected",
                  "version": "2026.4.4"
                },
                {
                  "status": "affected",
                  "version": "2026.4.5"
                },
                {
                  "status": "affected",
                  "version": "2026.4.6"
                },
                {
                  "status": "affected",
                  "version": "2026.4.7"
                },
                {
                  "status": "affected",
                  "version": "2026.4.8"
                },
                {
                  "status": "affected",
                  "version": "2026.4.9"
                },
                {
                  "status": "affected",
                  "version": "2026.4.10"
                },
                {
                  "status": "affected",
                  "version": "2026.4.11"
                },
                {
                  "status": "affected",
                  "version": "2026.4.12"
                },
                {
                  "status": "affected",
                  "version": "2026.4.13"
                },
                {
                  "status": "affected",
                  "version": "2026.4.14"
                },
                {
                  "status": "affected",
                  "version": "2026.4.15"
                },
                {
                  "status": "affected",
                  "version": "2026.4.16"
                },
                {
                  "status": "affected",
                  "version": "2026.4.17"
                },
                {
                  "status": "affected",
                  "version": "2026.4.18"
                },
                {
                  "status": "affected",
                  "version": "2026.4.19"
                },
                {
                  "status": "affected",
                  "version": "2026.4.20"
                },
                {
                  "status": "affected",
                  "version": "2026.4.21"
                },
                {
                  "status": "affected",
                  "version": "2026.4.22"
                },
                {
                  "status": "affected",
                  "version": "2026.4.23"
                },
                {
                  "status": "affected",
                  "version": "2026.4.24"
                },
                {
                  "status": "affected",
                  "version": "2026.4.25"
                },
                {
                  "status": "affected",
                  "version": "2026.4.26"
                },
                {
                  "status": "affected",
                  "version": "2026.4.27"
                },
                {
                  "status": "affected",
                  "version": "2026.4.28"
                },
                {
                  "status": "affected",
                  "version": "2026.4.29"
                },
                {
                  "status": "affected",
                  "version": "2026.4.30"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "value": "Eric-a (VulDB User)"
            },
            {
              "lang": "en",
              "type": "coordinator",
              "value": "VulDB CNA Team"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A weakness has been identified in NousResearch hermes-agent up to 2026.4.30. The impacted element is the function AIAgent.run_conversation of the file run_agent.py of the component HTTP API. This manipulation of the argument todos causes denial of service. The attack can be initiated remotely. The exploit has been made available to the public and could be used for attacks. The vendor was contacted early about this disclosure but did not respond in any way."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "baseScore": 5.3,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P",
                "version": "4.0"
              }
            },
            {
              "cvssV3_1": {
                "baseScore": 4.3,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:X/RC:R",
                "version": "3.1"
              }
            },
            {
              "cvssV3_0": {
                "baseScore": 4.3,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:X/RC:R",
                "version": "3.0"
              }
            },
            {
              "cvssV2_0": {
                "baseScore": 4,
                "vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:P/E:POC/RL:ND/RC:UR",
                "version": "2.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-404",
                  "description": "Denial of Service",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-04T12:00:07.960Z",
            "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
            "shortName": "VulDB"
          },
          "references": [
            {
              "name": "VDB-376142 | NousResearch hermes-agent HTTP API run_agent.py AIAgent.run_conversation denial of service",
              "tags": [
                "vdb-entry",
                "technical-description"
              ],
              "url": "https://vuldb.com/vuln/376142"
            },
            {
              "name": "VDB-376142 | CTI Indicators (IOB, IOC, TTP, IOA)",
              "tags": [
                "signature",
                "permissions-required"
              ],
              "url": "https://vuldb.com/vuln/376142/cti"
            },
            {
              "name": "CVE-2026-14626 | CVE Analysis and Report",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/cve/CVE-2026-14626"
            },
            {
              "name": "Submit #845596 | NousResearch Hermes Agent \u003c= v2026.4.30 Insufficient Verification of Data Authenticity (CWE-345)",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/submit/845596"
            },
            {
              "tags": [
                "exploit"
              ],
              "url": "https://gist.github.com/YLChen-007/b91a85f9448beadebe25d37a3f4fd760"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2026-07-03T00:00:00.000Z",
              "value": "Advisory disclosed"
            },
            {
              "lang": "en",
              "time": "2026-07-03T02:00:00.000Z",
              "value": "VulDB entry created"
            },
            {
              "lang": "en",
              "time": "2026-07-03T19:13:02.000Z",
              "value": "VulDB entry last update"
            }
          ],
          "title": "NousResearch hermes-agent HTTP API run_agent.py AIAgent.run_conversation denial of service"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "assignerShortName": "VulDB",
        "cveId": "CVE-2026-14626",
        "datePublished": "2026-07-04T12:00:07.960Z",
        "dateReserved": "2026-07-03T17:07:48.069Z",
        "dateUpdated": "2026-07-07T02:29:27.952Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-14625 (GCVE-0-2026-14625)

    Vulnerability from nvd – Published: 2026-07-04 11:30 – Updated: 2026-07-06 17:12
    VLAI
    Title
    NousResearch hermes-agent server.py shell.exec protection mechanism
    Summary
    A security flaw has been discovered in NousResearch hermes-agent up to 0.15.2. The affected element is the function shell.exec of the file tui_gateway/server.py. The manipulation results in protection mechanism failure. It is possible to launch the attack remotely. The exploit has been released to the public and may be used for attacks. The vendor was contacted early about this disclosure but did not respond in any way.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-693 - Protection Mechanism Failure
    Assigner
    References
    URL Tags
    https://vuldb.com/vuln/376141 vdb-entrytechnical-description
    https://vuldb.com/vuln/376141/cti signaturepermissions-required
    https://vuldb.com/cve/CVE-2026-14625 third-party-advisory
    https://vuldb.com/submit/845595 third-party-advisory
    https://gist.github.com/YLChen-007/3b11589740dcf1… exploit
    Impacted products
    Vendor Product Version
    NousResearch hermes-agent Affected: 0.15.0
    Affected: 0.15.1
    Affected: 0.15.2
        cpe:2.3:a:nousresearch:hermes-agent:*:*:*:*:*:*:*:*
    Create a notification for this product.
    Credits
    Eric-a (VulDB User) VulDB CNA Team
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-14625",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-06T17:12:07.602124Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-06T17:12:17.826Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "cpes": [
                "cpe:2.3:a:nousresearch:hermes-agent:*:*:*:*:*:*:*:*"
              ],
              "product": "hermes-agent",
              "vendor": "NousResearch",
              "versions": [
                {
                  "status": "affected",
                  "version": "0.15.0"
                },
                {
                  "status": "affected",
                  "version": "0.15.1"
                },
                {
                  "status": "affected",
                  "version": "0.15.2"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "value": "Eric-a (VulDB User)"
            },
            {
              "lang": "en",
              "type": "coordinator",
              "value": "VulDB CNA Team"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A security flaw has been discovered in NousResearch hermes-agent up to 0.15.2. The affected element is the function shell.exec of the file tui_gateway/server.py. The manipulation results in protection mechanism failure. It is possible to launch the attack remotely. The exploit has been released to the public and may be used for attacks. The vendor was contacted early about this disclosure but did not respond in any way."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "baseScore": 5.3,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P",
                "version": "4.0"
              }
            },
            {
              "cvssV3_1": {
                "baseScore": 6.3,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
                "version": "3.1"
              }
            },
            {
              "cvssV3_0": {
                "baseScore": 6.3,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
                "version": "3.0"
              }
            },
            {
              "cvssV2_0": {
                "baseScore": 6.5,
                "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P/E:POC/RL:ND/RC:UR",
                "version": "2.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-693",
                  "description": "Protection Mechanism Failure",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-04T11:30:07.910Z",
            "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
            "shortName": "VulDB"
          },
          "references": [
            {
              "name": "VDB-376141 | NousResearch hermes-agent server.py shell.exec protection mechanism",
              "tags": [
                "vdb-entry",
                "technical-description"
              ],
              "url": "https://vuldb.com/vuln/376141"
            },
            {
              "name": "VDB-376141 | CTI Indicators (IOB, IOC, IOA)",
              "tags": [
                "signature",
                "permissions-required"
              ],
              "url": "https://vuldb.com/vuln/376141/cti"
            },
            {
              "name": "CVE-2026-14625 | CVE Analysis and Report",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/cve/CVE-2026-14625"
            },
            {
              "name": "Submit #845595 | NousResearch Hermes Agent 75cbdfd06bb041936f164c8d75ac518b2cb4fec0 Protection Mechanism Failure (CWE-693)",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/submit/845595"
            },
            {
              "tags": [
                "exploit"
              ],
              "url": "https://gist.github.com/YLChen-007/3b11589740dcf16b152b0929e1b3d024"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2026-07-03T00:00:00.000Z",
              "value": "Advisory disclosed"
            },
            {
              "lang": "en",
              "time": "2026-07-03T02:00:00.000Z",
              "value": "VulDB entry created"
            },
            {
              "lang": "en",
              "time": "2026-07-03T19:12:59.000Z",
              "value": "VulDB entry last update"
            }
          ],
          "title": "NousResearch hermes-agent server.py shell.exec protection mechanism"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "assignerShortName": "VulDB",
        "cveId": "CVE-2026-14625",
        "datePublished": "2026-07-04T11:30:07.910Z",
        "dateReserved": "2026-07-03T17:07:45.760Z",
        "dateUpdated": "2026-07-06T17:12:17.826Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-14617 (GCVE-0-2026-14617)

    Vulnerability from nvd – Published: 2026-07-03 21:45 – Updated: 2026-07-06 19:40
    VLAI
    Title
    NousResearch hermes-agent Streaming Reasoning Tag Filter stream_consumer.py GatewayStreamConsumer._filter_and_accumulate case sensitivity
    Summary
    A security vulnerability has been detected in NousResearch hermes-agent up to 2026.4.30. Affected is the function GatewayStreamConsumer._filter_and_accumulate of the file gateway/stream_consumer.py of the component Streaming Reasoning Tag Filter. The manipulation leads to improper handling of case sensitivity. The attack may be initiated remotely. The attack's complexity is rated as high. The exploitability is told to be difficult. The exploit has been disclosed publicly and may be used. The project decided to not implement a dedicated fix: "[T]he analysis and the fix are both sound. It just lands below the bar for the maintenance cost of a duplicated scrub path."
    SSVC
    Exploitation: poc Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-178 - Improper Handling of Case Sensitivity
    • CWE-697 - Incorrect Comparison
    Assigner
    Impacted products
    Vendor Product Version
    NousResearch hermes-agent Affected: 2026.4.0
    Affected: 2026.4.1
    Affected: 2026.4.2
    Affected: 2026.4.3
    Affected: 2026.4.4
    Affected: 2026.4.5
    Affected: 2026.4.6
    Affected: 2026.4.7
    Affected: 2026.4.8
    Affected: 2026.4.9
    Affected: 2026.4.10
    Affected: 2026.4.11
    Affected: 2026.4.12
    Affected: 2026.4.13
    Affected: 2026.4.14
    Affected: 2026.4.15
    Affected: 2026.4.16
    Affected: 2026.4.17
    Affected: 2026.4.18
    Affected: 2026.4.19
    Affected: 2026.4.20
    Affected: 2026.4.21
    Affected: 2026.4.22
    Affected: 2026.4.23
    Affected: 2026.4.24
    Affected: 2026.4.25
    Affected: 2026.4.26
    Affected: 2026.4.27
    Affected: 2026.4.28
    Affected: 2026.4.29
    Affected: 2026.4.30
        cpe:2.3:a:nousresearch:hermes-agent:*:*:*:*:*:*:*:*
    Create a notification for this product.
    Credits
    Eric-a (VulDB User) VulDB CNA Team
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-14617",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-06T19:40:08.738335Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-06T19:40:14.670Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "references": [
              {
                "tags": [
                  "exploit"
                ],
                "url": "https://vuldb.com/submit/844654"
              }
            ],
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "cpes": [
                "cpe:2.3:a:nousresearch:hermes-agent:*:*:*:*:*:*:*:*"
              ],
              "modules": [
                "Streaming Reasoning Tag Filter"
              ],
              "product": "hermes-agent",
              "vendor": "NousResearch",
              "versions": [
                {
                  "status": "affected",
                  "version": "2026.4.0"
                },
                {
                  "status": "affected",
                  "version": "2026.4.1"
                },
                {
                  "status": "affected",
                  "version": "2026.4.2"
                },
                {
                  "status": "affected",
                  "version": "2026.4.3"
                },
                {
                  "status": "affected",
                  "version": "2026.4.4"
                },
                {
                  "status": "affected",
                  "version": "2026.4.5"
                },
                {
                  "status": "affected",
                  "version": "2026.4.6"
                },
                {
                  "status": "affected",
                  "version": "2026.4.7"
                },
                {
                  "status": "affected",
                  "version": "2026.4.8"
                },
                {
                  "status": "affected",
                  "version": "2026.4.9"
                },
                {
                  "status": "affected",
                  "version": "2026.4.10"
                },
                {
                  "status": "affected",
                  "version": "2026.4.11"
                },
                {
                  "status": "affected",
                  "version": "2026.4.12"
                },
                {
                  "status": "affected",
                  "version": "2026.4.13"
                },
                {
                  "status": "affected",
                  "version": "2026.4.14"
                },
                {
                  "status": "affected",
                  "version": "2026.4.15"
                },
                {
                  "status": "affected",
                  "version": "2026.4.16"
                },
                {
                  "status": "affected",
                  "version": "2026.4.17"
                },
                {
                  "status": "affected",
                  "version": "2026.4.18"
                },
                {
                  "status": "affected",
                  "version": "2026.4.19"
                },
                {
                  "status": "affected",
                  "version": "2026.4.20"
                },
                {
                  "status": "affected",
                  "version": "2026.4.21"
                },
                {
                  "status": "affected",
                  "version": "2026.4.22"
                },
                {
                  "status": "affected",
                  "version": "2026.4.23"
                },
                {
                  "status": "affected",
                  "version": "2026.4.24"
                },
                {
                  "status": "affected",
                  "version": "2026.4.25"
                },
                {
                  "status": "affected",
                  "version": "2026.4.26"
                },
                {
                  "status": "affected",
                  "version": "2026.4.27"
                },
                {
                  "status": "affected",
                  "version": "2026.4.28"
                },
                {
                  "status": "affected",
                  "version": "2026.4.29"
                },
                {
                  "status": "affected",
                  "version": "2026.4.30"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "value": "Eric-a (VulDB User)"
            },
            {
              "lang": "en",
              "type": "coordinator",
              "value": "VulDB CNA Team"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A security vulnerability has been detected in NousResearch hermes-agent up to 2026.4.30. Affected is the function GatewayStreamConsumer._filter_and_accumulate of the file gateway/stream_consumer.py of the component Streaming Reasoning Tag Filter. The manipulation leads to improper handling of case sensitivity. The attack may be initiated remotely. The attack\u0027s complexity is rated as high. The exploitability is told to be difficult. The exploit has been disclosed publicly and may be used. The project decided to not implement a dedicated fix: \"[T]he analysis and the fix are both sound. It just lands below the bar for the maintenance cost of a duplicated scrub path.\""
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "baseScore": 2.3,
                "baseSeverity": "LOW",
                "vectorString": "CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P",
                "version": "4.0"
              }
            },
            {
              "cvssV3_1": {
                "baseScore": 3.1,
                "baseSeverity": "LOW",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N/E:P/RL:X/RC:C",
                "version": "3.1"
              }
            },
            {
              "cvssV3_0": {
                "baseScore": 3.1,
                "baseSeverity": "LOW",
                "vectorString": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N/E:P/RL:X/RC:C",
                "version": "3.0"
              }
            },
            {
              "cvssV2_0": {
                "baseScore": 2.1,
                "vectorString": "AV:N/AC:H/Au:S/C:P/I:N/A:N/E:POC/RL:ND/RC:C",
                "version": "2.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-178",
                  "description": "Improper Handling of Case Sensitivity",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            },
            {
              "descriptions": [
                {
                  "cweId": "CWE-697",
                  "description": "Incorrect Comparison",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-03T21:45:10.246Z",
            "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
            "shortName": "VulDB"
          },
          "references": [
            {
              "name": "VDB-376134 | NousResearch hermes-agent Streaming Reasoning Tag Filter stream_consumer.py GatewayStreamConsumer._filter_and_accumulate case sensitivity",
              "tags": [
                "vdb-entry",
                "technical-description"
              ],
              "url": "https://vuldb.com/vuln/376134"
            },
            {
              "name": "VDB-376134 | CTI Indicators (IOB, IOC, IOA)",
              "tags": [
                "signature",
                "permissions-required"
              ],
              "url": "https://vuldb.com/vuln/376134/cti"
            },
            {
              "name": "CVE-2026-14617 | CVE Analysis and Report",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/cve/CVE-2026-14617"
            },
            {
              "name": "Submit #844654 | Nous Research hermes-agent v2026.4.30 Improper Handling of Case Sensitivity Leading to Information Disclosure (CWE-178)",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/submit/844654"
            },
            {
              "tags": [
                "issue-tracking"
              ],
              "url": "https://github.com/NousResearch/hermes-agent/issues/27288"
            },
            {
              "tags": [
                "issue-tracking",
                "patch"
              ],
              "url": "https://github.com/NousResearch/hermes-agent/pull/28631#issuecomment-4622188016"
            },
            {
              "tags": [
                "exploit"
              ],
              "url": "https://gist.github.com/YLChen-007/2229e5505bcbb3e15a7ae8fba4c4be37"
            },
            {
              "tags": [
                "product"
              ],
              "url": "https://github.com/NousResearch/hermes-agent/"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2026-07-03T00:00:00.000Z",
              "value": "Advisory disclosed"
            },
            {
              "lang": "en",
              "time": "2026-07-03T02:00:00.000Z",
              "value": "VulDB entry created"
            },
            {
              "lang": "en",
              "time": "2026-07-03T18:36:25.000Z",
              "value": "VulDB entry last update"
            }
          ],
          "title": "NousResearch hermes-agent Streaming Reasoning Tag Filter stream_consumer.py GatewayStreamConsumer._filter_and_accumulate case sensitivity"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "assignerShortName": "VulDB",
        "cveId": "CVE-2026-14617",
        "datePublished": "2026-07-03T21:45:10.246Z",
        "dateReserved": "2026-07-03T16:31:16.337Z",
        "dateUpdated": "2026-07-06T19:40:14.670Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-53870 (GCVE-0-2026-53870)

    Vulnerability from nvd – Published: 2026-06-17 17:57 – Updated: 2026-06-17 18:39 X_Open Source
    VLAI
    Title
    Hermes Agent < 0.16.0 - Sensitive File Permission Vulnerability in Store Files
    Summary
    Hermes Agent before 0.16.0 creates response_store.db and webhook_subscriptions.json with world-readable permissions (mode 0o644), exposing conversation history and HMAC secrets to local users. Attackers with local filesystem access can read these files directly to obtain sensitive data including conversation history, tool payloads, prompts, and per-route HMAC secrets.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-276 - Incorrect Default Permissions
    Assigner
    Impacted products
    Vendor Product Version
    NousResearch hermes-agent Affected: 0 , < 0.16.0 (semver)
    Unaffected: 0.16.0 (semver)
    Create a notification for this product.
    Date Public
    2026-05-24 00:00
    Credits
    Chia Min Jun Lennon
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-53870",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-06-17T18:39:20.486749Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-06-17T18:39:35.273Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "references": [
              {
                "tags": [
                  "exploit"
                ],
                "url": "https://github.com/NousResearch/hermes-agent/pull/30917"
              }
            ],
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "packageURL": "pkg:npm/hermes-agent",
              "product": "hermes-agent",
              "repo": "https://github.com/NousResearch/hermes-agent",
              "vendor": "NousResearch",
              "versions": [
                {
                  "lessThan": "0.16.0",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                },
                {
                  "status": "unaffected",
                  "version": "0.16.0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Chia Min Jun Lennon"
            }
          ],
          "datePublic": "2026-05-24T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Hermes Agent before 0.16.0 creates response_store.db and webhook_subscriptions.json with world-readable permissions (mode 0o644), exposing conversation history and HMAC secrets to local users. Attackers with local filesystem access can read these files directly to obtain sensitive data including conversation history, tool payloads, prompts, and per-route HMAC secrets."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "LOCAL",
                "baseScore": 6.8,
                "baseSeverity": "MEDIUM",
                "exploitMaturity": "NOT_DEFINED",
                "privilegesRequired": "LOW",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "NONE",
                "vulnConfidentialityImpact": "HIGH",
                "vulnIntegrityImpact": "NONE",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            },
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "NONE",
                "baseScore": 5.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-276",
                  "description": "Incorrect Default Permissions",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-17T17:57:58.314Z",
            "orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
            "shortName": "VulnCheck"
          },
          "references": [
            {
              "name": "Release Notes",
              "tags": [
                "release-notes"
              ],
              "url": "https://github.com/NousResearch/hermes-agent/releases/tag/v2026.6.5"
            },
            {
              "name": "Researcher Pull Request",
              "tags": [
                "issue-tracking"
              ],
              "url": "https://github.com/NousResearch/hermes-agent/pull/30917"
            },
            {
              "name": "Maintainer Pull Request",
              "tags": [
                "issue-tracking"
              ],
              "url": "https://github.com/NousResearch/hermes-agent/pull/31469"
            },
            {
              "name": "Patch Commit",
              "tags": [
                "patch"
              ],
              "url": "https://github.com/NousResearch/hermes-agent/commit/3bace071bfadf2d2bec2ee048471a31ec920e3e8"
            },
            {
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://www.vulncheck.com/advisories/hermes-agent-sensitive-file-permission-vulnerability-in-store-files"
            }
          ],
          "tags": [
            "x_open-source"
          ],
          "title": "Hermes Agent \u003c 0.16.0 - Sensitive File Permission Vulnerability in Store Files",
          "x_generator": {
            "engine": "vulncheck"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
        "assignerShortName": "VulnCheck",
        "cveId": "CVE-2026-53870",
        "datePublished": "2026-06-17T17:57:58.314Z",
        "dateReserved": "2026-06-10T21:23:54.283Z",
        "dateUpdated": "2026-06-17T18:39:35.273Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-53869 (GCVE-0-2026-53869)

    Vulnerability from nvd – Published: 2026-06-17 17:57 – Updated: 2026-06-18 15:29 X_Open Source
    VLAI
    Title
    Hermes Agent < 0.16.0 - DNS Rebinding Bypass via WebSocket Endpoints
    Summary
    Hermes Agent before 0.16.0 contains a DNS rebinding vulnerability in WebSocket endpoints that allows remote attackers to bypass Host and Origin validation. FastAPI HTTP middleware does not execute for WebSocket upgrade requests on /api/pty, /api/ws, /api/pub, and /api/events endpoints, enabling attackers to exploit DNS rebinding and inject malicious commands or read terminal output.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-306 - Missing Authentication for Critical Function
    Assigner
    Impacted products
    Vendor Product Version
    NousResearch hermes-agent Affected: 0 , < 0.16.0 (semver)
    Unaffected: 0.16.0 (semver)
    Create a notification for this product.
    Date Public
    2026-05-24 00:00
    Credits
    Chia Min Jun Lennon
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-53869",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-06-18T15:28:51.075482Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-06-18T15:29:39.022Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "packageURL": "pkg:npm/hermes-agent",
              "product": "hermes-agent",
              "repo": "https://github.com/NousResearch/hermes-agent",
              "vendor": "NousResearch",
              "versions": [
                {
                  "lessThan": "0.16.0",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                },
                {
                  "status": "unaffected",
                  "version": "0.16.0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Chia Min Jun Lennon"
            }
          ],
          "datePublic": "2026-05-24T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Hermes Agent before 0.16.0 contains a DNS rebinding vulnerability in WebSocket endpoints that allows remote attackers to bypass Host and Origin validation. FastAPI HTTP middleware does not execute for WebSocket upgrade requests on /api/pty, /api/ws, /api/pub, and /api/events endpoints, enabling attackers to exploit DNS rebinding and inject malicious commands or read terminal output."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "NETWORK",
                "baseScore": 8.7,
                "baseSeverity": "HIGH",
                "exploitMaturity": "NOT_DEFINED",
                "privilegesRequired": "NONE",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "HIGH",
                "vulnConfidentialityImpact": "NONE",
                "vulnIntegrityImpact": "NONE",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            },
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-306",
                  "description": "Missing Authentication for Critical Function",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-17T17:57:30.978Z",
            "orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
            "shortName": "VulnCheck"
          },
          "references": [
            {
              "name": "Release Notes",
              "tags": [
                "release-notes"
              ],
              "url": "https://github.com/NousResearch/hermes-agent/releases/tag/v2026.6.5"
            },
            {
              "name": "Researcher Pull Request",
              "tags": [
                "issue-tracking"
              ],
              "url": "https://github.com/NousResearch/hermes-agent/pull/30221"
            },
            {
              "name": "Maintainer Pull Request",
              "tags": [
                "issue-tracking"
              ],
              "url": "https://github.com/NousResearch/hermes-agent/pull/31685"
            },
            {
              "name": "Patch Commit",
              "tags": [
                "patch"
              ],
              "url": "https://github.com/NousResearch/hermes-agent/commit/d9ec90585cf7616b5972e44cf8d92bb569fc3feb"
            },
            {
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://www.vulncheck.com/advisories/hermes-agent-dns-rebinding-bypass-via-websocket-endpoints"
            }
          ],
          "tags": [
            "x_open-source"
          ],
          "title": "Hermes Agent \u003c 0.16.0 - DNS Rebinding Bypass via WebSocket Endpoints",
          "x_generator": {
            "engine": "vulncheck"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
        "assignerShortName": "VulnCheck",
        "cveId": "CVE-2026-53869",
        "datePublished": "2026-06-17T17:57:30.978Z",
        "dateReserved": "2026-06-10T21:23:54.283Z",
        "dateUpdated": "2026-06-18T15:29:39.022Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-11461 (GCVE-0-2026-11461)

    Vulnerability from nvd – Published: 2026-06-07 21:45 – Updated: 2026-06-09 14:48
    VLAI
    Title
    NousResearch hermes-agent resume Endpoint hermes_state.py resolve_session_by_title authorization
    Summary
    A vulnerability has been found in NousResearch hermes-agent up to 0.12.0. This affects the function resolve_session_by_title of the file hermes_state.py of the component resume Endpoint. Such manipulation of the argument Title leads to authorization bypass. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    Impacted products
    Vendor Product Version
    NousResearch hermes-agent Affected: 0.1
    Affected: 0.2
    Affected: 0.3
    Affected: 0.4
    Affected: 0.5
    Affected: 0.6
    Affected: 0.7
    Affected: 0.8
    Affected: 0.9
    Affected: 0.10
    Affected: 0.11
    Affected: 0.12.0
        cpe:2.3:a:nousresearch:hermes-agent:*:*:*:*:*:*:*:*
    Create a notification for this product.
    Credits
    Eric-b (VulDB User) VulDB CNA Team
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-11461",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-06-09T14:48:20.842250Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-06-09T14:48:38.386Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "references": [
              {
                "tags": [
                  "exploit"
                ],
                "url": "https://vuldb.com/submit/829402"
              },
              {
                "tags": [
                  "exploit"
                ],
                "url": "https://gist.github.com/YLChen-007/7951b3dc39193fb675914cc5d8b672fa"
              }
            ],
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "cpes": [
                "cpe:2.3:a:nousresearch:hermes-agent:*:*:*:*:*:*:*:*"
              ],
              "modules": [
                "resume Endpoint"
              ],
              "product": "hermes-agent",
              "vendor": "NousResearch",
              "versions": [
                {
                  "status": "affected",
                  "version": "0.1"
                },
                {
                  "status": "affected",
                  "version": "0.2"
                },
                {
                  "status": "affected",
                  "version": "0.3"
                },
                {
                  "status": "affected",
                  "version": "0.4"
                },
                {
                  "status": "affected",
                  "version": "0.5"
                },
                {
                  "status": "affected",
                  "version": "0.6"
                },
                {
                  "status": "affected",
                  "version": "0.7"
                },
                {
                  "status": "affected",
                  "version": "0.8"
                },
                {
                  "status": "affected",
                  "version": "0.9"
                },
                {
                  "status": "affected",
                  "version": "0.10"
                },
                {
                  "status": "affected",
                  "version": "0.11"
                },
                {
                  "status": "affected",
                  "version": "0.12.0"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "value": "Eric-b (VulDB User)"
            },
            {
              "lang": "en",
              "type": "coordinator",
              "value": "VulDB CNA Team"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability has been found in NousResearch hermes-agent up to 0.12.0. This affects the function resolve_session_by_title of the file hermes_state.py of the component resume Endpoint. Such manipulation of the argument Title leads to authorization bypass. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "baseScore": 5.3,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P",
                "version": "4.0"
              }
            },
            {
              "cvssV3_1": {
                "baseScore": 6.3,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
                "version": "3.1"
              }
            },
            {
              "cvssV3_0": {
                "baseScore": 6.3,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
                "version": "3.0"
              }
            },
            {
              "cvssV2_0": {
                "baseScore": 6.5,
                "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P/E:POC/RL:ND/RC:UR",
                "version": "2.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-639",
                  "description": "Authorization Bypass",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            },
            {
              "descriptions": [
                {
                  "cweId": "CWE-285",
                  "description": "Improper Authorization",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-07T21:45:09.216Z",
            "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
            "shortName": "VulDB"
          },
          "references": [
            {
              "name": "VDB-369081 | NousResearch hermes-agent resume Endpoint hermes_state.py resolve_session_by_title authorization",
              "tags": [
                "vdb-entry",
                "technical-description"
              ],
              "url": "https://vuldb.com/vuln/369081"
            },
            {
              "name": "VDB-369081 | CTI Indicators (IOB, IOC, IOA)",
              "tags": [
                "signature",
                "permissions-required"
              ],
              "url": "https://vuldb.com/vuln/369081/cti"
            },
            {
              "name": "CVE-2026-11461 | CVE Analysis and Report",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/cve/CVE-2026-11461"
            },
            {
              "name": "Submit #829402 | NousResearch hermes-agent \u003c= v0.12.0 Authorization Bypass Through User-Controlled Key (CWE-639)",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/submit/829402"
            },
            {
              "tags": [
                "related"
              ],
              "url": "https://gist.github.com/YLChen-007/7951b3dc39193fb675914cc5d8b672fa"
            },
            {
              "tags": [
                "exploit"
              ],
              "url": "https://gist.github.com/YLChen-007/c2d162e9c8d39584223683cdcba98607"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2026-06-07T00:00:00.000Z",
              "value": "Advisory disclosed"
            },
            {
              "lang": "en",
              "time": "2026-06-07T02:00:00.000Z",
              "value": "VulDB entry created"
            },
            {
              "lang": "en",
              "time": "2026-06-07T09:33:10.000Z",
              "value": "VulDB entry last update"
            }
          ],
          "title": "NousResearch hermes-agent resume Endpoint hermes_state.py resolve_session_by_title authorization"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "assignerShortName": "VulDB",
        "cveId": "CVE-2026-11461",
        "datePublished": "2026-06-07T21:45:09.216Z",
        "dateReserved": "2026-06-07T07:28:06.447Z",
        "dateUpdated": "2026-06-09T14:48:38.386Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-10548 (GCVE-0-2026-10548)

    Vulnerability from nvd – Published: 2026-06-02 00:30 – Updated: 2026-06-03 13:53
    VLAI
    Title
    NousResearch hermes-agent Credential Pool Synchronization credential_pool.py _sync_anthropic_entry_from_credentials_file improper authentication
    Summary
    A security flaw has been discovered in NousResearch hermes-agent up to 2026.4.23. This affects the function _sync_anthropic_entry_from_credentials_file of the file agent/credential_pool.py of the component Credential Pool Synchronization. The manipulation results in improper authentication. The attack must be initiated from a local position. The exploit has been released to the public and may be used for attacks. The vendor was contacted early about this disclosure but did not respond in any way.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-287 - Improper Authentication
    Assigner
    References
    URL Tags
    https://vuldb.com/vuln/367645 vdb-entrytechnical-description
    https://vuldb.com/vuln/367645/cti signaturepermissions-required
    https://vuldb.com/cve/CVE-2026-10548 third-party-advisory
    https://vuldb.com/submit/822026 third-party-advisory
    https://gist.github.com/YLChen-007/caf38652afeccb… exploit
    Impacted products
    Vendor Product Version
    NousResearch hermes-agent Affected: 2026.4.0
    Affected: 2026.4.1
    Affected: 2026.4.2
    Affected: 2026.4.3
    Affected: 2026.4.4
    Affected: 2026.4.5
    Affected: 2026.4.6
    Affected: 2026.4.7
    Affected: 2026.4.8
    Affected: 2026.4.9
    Affected: 2026.4.10
    Affected: 2026.4.11
    Affected: 2026.4.12
    Affected: 2026.4.13
    Affected: 2026.4.14
    Affected: 2026.4.15
    Affected: 2026.4.16
    Affected: 2026.4.17
    Affected: 2026.4.18
    Affected: 2026.4.19
    Affected: 2026.4.20
    Affected: 2026.4.21
    Affected: 2026.4.22
    Affected: 2026.4.23
        cpe:2.3:a:nousresearch:hermes-agent:*:*:*:*:*:*:*:*
    Create a notification for this product.
    Credits
    Eric-j (VulDB User) VulDB CNA Team
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-10548",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-06-03T13:52:49.345677Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-06-03T13:53:36.907Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "references": [
              {
                "tags": [
                  "exploit"
                ],
                "url": "https://vuldb.com/submit/822026"
              }
            ],
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "cpes": [
                "cpe:2.3:a:nousresearch:hermes-agent:*:*:*:*:*:*:*:*"
              ],
              "modules": [
                "Credential Pool Synchronization"
              ],
              "product": "hermes-agent",
              "vendor": "NousResearch",
              "versions": [
                {
                  "status": "affected",
                  "version": "2026.4.0"
                },
                {
                  "status": "affected",
                  "version": "2026.4.1"
                },
                {
                  "status": "affected",
                  "version": "2026.4.2"
                },
                {
                  "status": "affected",
                  "version": "2026.4.3"
                },
                {
                  "status": "affected",
                  "version": "2026.4.4"
                },
                {
                  "status": "affected",
                  "version": "2026.4.5"
                },
                {
                  "status": "affected",
                  "version": "2026.4.6"
                },
                {
                  "status": "affected",
                  "version": "2026.4.7"
                },
                {
                  "status": "affected",
                  "version": "2026.4.8"
                },
                {
                  "status": "affected",
                  "version": "2026.4.9"
                },
                {
                  "status": "affected",
                  "version": "2026.4.10"
                },
                {
                  "status": "affected",
                  "version": "2026.4.11"
                },
                {
                  "status": "affected",
                  "version": "2026.4.12"
                },
                {
                  "status": "affected",
                  "version": "2026.4.13"
                },
                {
                  "status": "affected",
                  "version": "2026.4.14"
                },
                {
                  "status": "affected",
                  "version": "2026.4.15"
                },
                {
                  "status": "affected",
                  "version": "2026.4.16"
                },
                {
                  "status": "affected",
                  "version": "2026.4.17"
                },
                {
                  "status": "affected",
                  "version": "2026.4.18"
                },
                {
                  "status": "affected",
                  "version": "2026.4.19"
                },
                {
                  "status": "affected",
                  "version": "2026.4.20"
                },
                {
                  "status": "affected",
                  "version": "2026.4.21"
                },
                {
                  "status": "affected",
                  "version": "2026.4.22"
                },
                {
                  "status": "affected",
                  "version": "2026.4.23"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "value": "Eric-j (VulDB User)"
            },
            {
              "lang": "en",
              "type": "coordinator",
              "value": "VulDB CNA Team"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A security flaw has been discovered in NousResearch hermes-agent up to 2026.4.23. This affects the function _sync_anthropic_entry_from_credentials_file of the file agent/credential_pool.py of the component Credential Pool Synchronization. The manipulation results in improper authentication. The attack must be initiated from a local position. The exploit has been released to the public and may be used for attacks. The vendor was contacted early about this disclosure but did not respond in any way."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "baseScore": 4.8,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P",
                "version": "4.0"
              }
            },
            {
              "cvssV3_1": {
                "baseScore": 5.3,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
                "version": "3.1"
              }
            },
            {
              "cvssV3_0": {
                "baseScore": 5.3,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
                "version": "3.0"
              }
            },
            {
              "cvssV2_0": {
                "baseScore": 4.3,
                "vectorString": "AV:L/AC:L/Au:S/C:P/I:P/A:P/E:POC/RL:ND/RC:UR",
                "version": "2.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-287",
                  "description": "Improper Authentication",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-02T00:30:09.704Z",
            "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
            "shortName": "VulDB"
          },
          "references": [
            {
              "name": "VDB-367645 | NousResearch hermes-agent Credential Pool Synchronization credential_pool.py _sync_anthropic_entry_from_credentials_file improper authentication",
              "tags": [
                "vdb-entry",
                "technical-description"
              ],
              "url": "https://vuldb.com/vuln/367645"
            },
            {
              "name": "VDB-367645 | CTI Indicators (IOB, IOC, IOA)",
              "tags": [
                "signature",
                "permissions-required"
              ],
              "url": "https://vuldb.com/vuln/367645/cti"
            },
            {
              "name": "CVE-2026-10548 | CVE Analysis and Report",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/cve/CVE-2026-10548"
            },
            {
              "name": "Submit #822026 | NousResearch hermes-agent \u003c= v2026.4.23 Improper Authentication (CWE-287)",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/submit/822026"
            },
            {
              "tags": [
                "exploit"
              ],
              "url": "https://gist.github.com/YLChen-007/caf38652afeccbbd53a9d77152b6198d"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2026-06-01T00:00:00.000Z",
              "value": "Advisory disclosed"
            },
            {
              "lang": "en",
              "time": "2026-06-01T02:00:00.000Z",
              "value": "VulDB entry created"
            },
            {
              "lang": "en",
              "time": "2026-06-01T15:33:26.000Z",
              "value": "VulDB entry last update"
            }
          ],
          "title": "NousResearch hermes-agent Credential Pool Synchronization credential_pool.py _sync_anthropic_entry_from_credentials_file improper authentication"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "assignerShortName": "VulDB",
        "cveId": "CVE-2026-10548",
        "datePublished": "2026-06-02T00:30:09.704Z",
        "dateReserved": "2026-06-01T13:28:23.195Z",
        "dateUpdated": "2026-06-03T13:53:36.907Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-10224 (GCVE-0-2026-10224)

    Vulnerability from nvd – Published: 2026-06-01 04:30 – Updated: 2026-06-01 15:23
    VLAI
    Title
    NousResearch hermes-agent Webhook Endpoint feishu.py _handle_webhook_request resource consumption
    Summary
    A security vulnerability has been detected in NousResearch hermes-agent up to 2026.4.30. This vulnerability affects the function _handle_webhook_request of the file gateway/platforms/feishu.py of the component Webhook Endpoint. Such manipulation leads to resource consumption. The attack can be launched remotely. The exploit has been disclosed publicly and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
    SSVC
    Exploitation: poc Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    URL Tags
    https://vuldb.com/vuln/367503 vdb-entrytechnical-description
    https://vuldb.com/vuln/367503/cti signaturepermissions-required
    https://vuldb.com/cve/CVE-2026-10224 third-party-advisory
    https://vuldb.com/submit/822022 third-party-advisory
    https://gist.github.com/YLChen-007/0304e313d811f1… exploit
    Impacted products
    Vendor Product Version
    NousResearch hermes-agent Affected: 2026.4.0
    Affected: 2026.4.1
    Affected: 2026.4.2
    Affected: 2026.4.3
    Affected: 2026.4.4
    Affected: 2026.4.5
    Affected: 2026.4.6
    Affected: 2026.4.7
    Affected: 2026.4.8
    Affected: 2026.4.9
    Affected: 2026.4.10
    Affected: 2026.4.11
    Affected: 2026.4.12
    Affected: 2026.4.13
    Affected: 2026.4.14
    Affected: 2026.4.15
    Affected: 2026.4.16
    Affected: 2026.4.17
    Affected: 2026.4.18
    Affected: 2026.4.19
    Affected: 2026.4.20
    Affected: 2026.4.21
    Affected: 2026.4.22
    Affected: 2026.4.23
    Affected: 2026.4.24
    Affected: 2026.4.25
    Affected: 2026.4.26
    Affected: 2026.4.27
    Affected: 2026.4.28
    Affected: 2026.4.29
    Affected: 2026.4.30
        cpe:2.3:a:nousresearch:hermes-agent:*:*:*:*:*:*:*:*
    Create a notification for this product.
    Credits
    Eric-j (VulDB User) VulDB CNA Team
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-10224",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-06-01T15:17:27.870597Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-06-01T15:23:38.699Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "cpes": [
                "cpe:2.3:a:nousresearch:hermes-agent:*:*:*:*:*:*:*:*"
              ],
              "modules": [
                "Webhook Endpoint"
              ],
              "product": "hermes-agent",
              "vendor": "NousResearch",
              "versions": [
                {
                  "status": "affected",
                  "version": "2026.4.0"
                },
                {
                  "status": "affected",
                  "version": "2026.4.1"
                },
                {
                  "status": "affected",
                  "version": "2026.4.2"
                },
                {
                  "status": "affected",
                  "version": "2026.4.3"
                },
                {
                  "status": "affected",
                  "version": "2026.4.4"
                },
                {
                  "status": "affected",
                  "version": "2026.4.5"
                },
                {
                  "status": "affected",
                  "version": "2026.4.6"
                },
                {
                  "status": "affected",
                  "version": "2026.4.7"
                },
                {
                  "status": "affected",
                  "version": "2026.4.8"
                },
                {
                  "status": "affected",
                  "version": "2026.4.9"
                },
                {
                  "status": "affected",
                  "version": "2026.4.10"
                },
                {
                  "status": "affected",
                  "version": "2026.4.11"
                },
                {
                  "status": "affected",
                  "version": "2026.4.12"
                },
                {
                  "status": "affected",
                  "version": "2026.4.13"
                },
                {
                  "status": "affected",
                  "version": "2026.4.14"
                },
                {
                  "status": "affected",
                  "version": "2026.4.15"
                },
                {
                  "status": "affected",
                  "version": "2026.4.16"
                },
                {
                  "status": "affected",
                  "version": "2026.4.17"
                },
                {
                  "status": "affected",
                  "version": "2026.4.18"
                },
                {
                  "status": "affected",
                  "version": "2026.4.19"
                },
                {
                  "status": "affected",
                  "version": "2026.4.20"
                },
                {
                  "status": "affected",
                  "version": "2026.4.21"
                },
                {
                  "status": "affected",
                  "version": "2026.4.22"
                },
                {
                  "status": "affected",
                  "version": "2026.4.23"
                },
                {
                  "status": "affected",
                  "version": "2026.4.24"
                },
                {
                  "status": "affected",
                  "version": "2026.4.25"
                },
                {
                  "status": "affected",
                  "version": "2026.4.26"
                },
                {
                  "status": "affected",
                  "version": "2026.4.27"
                },
                {
                  "status": "affected",
                  "version": "2026.4.28"
                },
                {
                  "status": "affected",
                  "version": "2026.4.29"
                },
                {
                  "status": "affected",
                  "version": "2026.4.30"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "value": "Eric-j (VulDB User)"
            },
            {
              "lang": "en",
              "type": "coordinator",
              "value": "VulDB CNA Team"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A security vulnerability has been detected in NousResearch hermes-agent up to 2026.4.30. This vulnerability affects the function _handle_webhook_request of the file gateway/platforms/feishu.py of the component Webhook Endpoint. Such manipulation leads to resource consumption. The attack can be launched remotely. The exploit has been disclosed publicly and may be used. The vendor was contacted early about this disclosure but did not respond in any way."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "baseScore": 6.9,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P",
                "version": "4.0"
              }
            },
            {
              "cvssV3_1": {
                "baseScore": 5.3,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:P/RL:X/RC:R",
                "version": "3.1"
              }
            },
            {
              "cvssV3_0": {
                "baseScore": 5.3,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:P/RL:X/RC:R",
                "version": "3.0"
              }
            },
            {
              "cvssV2_0": {
                "baseScore": 5,
                "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P/E:POC/RL:ND/RC:UR",
                "version": "2.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-400",
                  "description": "Resource Consumption",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            },
            {
              "descriptions": [
                {
                  "cweId": "CWE-404",
                  "description": "Denial of Service",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-01T04:30:08.987Z",
            "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
            "shortName": "VulDB"
          },
          "references": [
            {
              "name": "VDB-367503 | NousResearch hermes-agent Webhook Endpoint feishu.py _handle_webhook_request resource consumption",
              "tags": [
                "vdb-entry",
                "technical-description"
              ],
              "url": "https://vuldb.com/vuln/367503"
            },
            {
              "name": "VDB-367503 | CTI Indicators (IOB, IOC, TTP, IOA)",
              "tags": [
                "signature",
                "permissions-required"
              ],
              "url": "https://vuldb.com/vuln/367503/cti"
            },
            {
              "name": "CVE-2026-10224 | CVE Analysis and Report",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/cve/CVE-2026-10224"
            },
            {
              "name": "Submit #822022 | NousResearch hermes-agent \u003c= v2026.4.30 Uncontrolled Resource Consumption (CWE-400)",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/submit/822022"
            },
            {
              "tags": [
                "exploit"
              ],
              "url": "https://gist.github.com/YLChen-007/0304e313d811f187ade93d3b01de0f87"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2026-05-31T00:00:00.000Z",
              "value": "Advisory disclosed"
            },
            {
              "lang": "en",
              "time": "2026-05-31T02:00:00.000Z",
              "value": "VulDB entry created"
            },
            {
              "lang": "en",
              "time": "2026-05-31T09:56:48.000Z",
              "value": "VulDB entry last update"
            }
          ],
          "title": "NousResearch hermes-agent Webhook Endpoint feishu.py _handle_webhook_request resource consumption"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "assignerShortName": "VulDB",
        "cveId": "CVE-2026-10224",
        "datePublished": "2026-06-01T04:30:08.987Z",
        "dateReserved": "2026-05-31T07:51:32.069Z",
        "dateUpdated": "2026-06-01T15:23:38.699Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-10223 (GCVE-0-2026-10223)

    Vulnerability from nvd – Published: 2026-06-01 04:15 – Updated: 2026-06-01 14:56
    VLAI
    Title
    NousResearch hermes-agent memory_tool.py _scan_memory_content injection
    Summary
    A weakness has been identified in NousResearch hermes-agent up to 2026.4.30. This affects the function _scan_memory_content of the file tools/memory_tool.py. This manipulation causes injection. The attack can be initiated remotely. The exploit has been made available to the public and could be used for attacks. The vendor was contacted early about this disclosure but did not respond in any way.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    URL Tags
    https://vuldb.com/vuln/367502 vdb-entrytechnical-description
    https://vuldb.com/vuln/367502/cti signaturepermissions-required
    https://vuldb.com/cve/CVE-2026-10223 third-party-advisory
    https://vuldb.com/submit/822021 third-party-advisory
    https://gist.github.com/YLChen-007/a1fb77ad2488c5… exploit
    Impacted products
    Vendor Product Version
    NousResearch hermes-agent Affected: 2026.4.0
    Affected: 2026.4.1
    Affected: 2026.4.2
    Affected: 2026.4.3
    Affected: 2026.4.4
    Affected: 2026.4.5
    Affected: 2026.4.6
    Affected: 2026.4.7
    Affected: 2026.4.8
    Affected: 2026.4.9
    Affected: 2026.4.10
    Affected: 2026.4.11
    Affected: 2026.4.12
    Affected: 2026.4.13
    Affected: 2026.4.14
    Affected: 2026.4.15
    Affected: 2026.4.16
    Affected: 2026.4.17
    Affected: 2026.4.18
    Affected: 2026.4.19
    Affected: 2026.4.20
    Affected: 2026.4.21
    Affected: 2026.4.22
    Affected: 2026.4.23
    Affected: 2026.4.24
    Affected: 2026.4.25
    Affected: 2026.4.26
    Affected: 2026.4.27
    Affected: 2026.4.28
    Affected: 2026.4.29
    Affected: 2026.4.30
        cpe:2.3:a:nousresearch:hermes-agent:*:*:*:*:*:*:*:*
    Create a notification for this product.
    Credits
    Eric-j (VulDB User) VulDB CNA Team
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-10223",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-06-01T14:56:41.408760Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-06-01T14:56:52.653Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "cpes": [
                "cpe:2.3:a:nousresearch:hermes-agent:*:*:*:*:*:*:*:*"
              ],
              "product": "hermes-agent",
              "vendor": "NousResearch",
              "versions": [
                {
                  "status": "affected",
                  "version": "2026.4.0"
                },
                {
                  "status": "affected",
                  "version": "2026.4.1"
                },
                {
                  "status": "affected",
                  "version": "2026.4.2"
                },
                {
                  "status": "affected",
                  "version": "2026.4.3"
                },
                {
                  "status": "affected",
                  "version": "2026.4.4"
                },
                {
                  "status": "affected",
                  "version": "2026.4.5"
                },
                {
                  "status": "affected",
                  "version": "2026.4.6"
                },
                {
                  "status": "affected",
                  "version": "2026.4.7"
                },
                {
                  "status": "affected",
                  "version": "2026.4.8"
                },
                {
                  "status": "affected",
                  "version": "2026.4.9"
                },
                {
                  "status": "affected",
                  "version": "2026.4.10"
                },
                {
                  "status": "affected",
                  "version": "2026.4.11"
                },
                {
                  "status": "affected",
                  "version": "2026.4.12"
                },
                {
                  "status": "affected",
                  "version": "2026.4.13"
                },
                {
                  "status": "affected",
                  "version": "2026.4.14"
                },
                {
                  "status": "affected",
                  "version": "2026.4.15"
                },
                {
                  "status": "affected",
                  "version": "2026.4.16"
                },
                {
                  "status": "affected",
                  "version": "2026.4.17"
                },
                {
                  "status": "affected",
                  "version": "2026.4.18"
                },
                {
                  "status": "affected",
                  "version": "2026.4.19"
                },
                {
                  "status": "affected",
                  "version": "2026.4.20"
                },
                {
                  "status": "affected",
                  "version": "2026.4.21"
                },
                {
                  "status": "affected",
                  "version": "2026.4.22"
                },
                {
                  "status": "affected",
                  "version": "2026.4.23"
                },
                {
                  "status": "affected",
                  "version": "2026.4.24"
                },
                {
                  "status": "affected",
                  "version": "2026.4.25"
                },
                {
                  "status": "affected",
                  "version": "2026.4.26"
                },
                {
                  "status": "affected",
                  "version": "2026.4.27"
                },
                {
                  "status": "affected",
                  "version": "2026.4.28"
                },
                {
                  "status": "affected",
                  "version": "2026.4.29"
                },
                {
                  "status": "affected",
                  "version": "2026.4.30"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "value": "Eric-j (VulDB User)"
            },
            {
              "lang": "en",
              "type": "coordinator",
              "value": "VulDB CNA Team"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A weakness has been identified in NousResearch hermes-agent up to 2026.4.30. This affects the function _scan_memory_content of the file tools/memory_tool.py. This manipulation causes injection. The attack can be initiated remotely. The exploit has been made available to the public and could be used for attacks. The vendor was contacted early about this disclosure but did not respond in any way."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "baseScore": 5.3,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P",
                "version": "4.0"
              }
            },
            {
              "cvssV3_1": {
                "baseScore": 6.3,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
                "version": "3.1"
              }
            },
            {
              "cvssV3_0": {
                "baseScore": 6.3,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
                "version": "3.0"
              }
            },
            {
              "cvssV2_0": {
                "baseScore": 6.5,
                "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P/E:POC/RL:ND/RC:UR",
                "version": "2.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-74",
                  "description": "Injection",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            },
            {
              "descriptions": [
                {
                  "cweId": "CWE-707",
                  "description": "Improper Neutralization",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-01T04:15:05.930Z",
            "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
            "shortName": "VulDB"
          },
          "references": [
            {
              "name": "VDB-367502 | NousResearch hermes-agent memory_tool.py _scan_memory_content injection",
              "tags": [
                "vdb-entry",
                "technical-description"
              ],
              "url": "https://vuldb.com/vuln/367502"
            },
            {
              "name": "VDB-367502 | CTI Indicators (IOB, IOC, TTP, IOA)",
              "tags": [
                "signature",
                "permissions-required"
              ],
              "url": "https://vuldb.com/vuln/367502/cti"
            },
            {
              "name": "CVE-2026-10223 | CVE Analysis and Report",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/cve/CVE-2026-10223"
            },
            {
              "name": "Submit #822021 | NousResearch hermes-agent \u003c= v2026.4.30 Injection (CWE-74)",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/submit/822021"
            },
            {
              "tags": [
                "exploit"
              ],
              "url": "https://gist.github.com/YLChen-007/a1fb77ad2488c545a35d0f66356ea7b4"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2026-05-31T00:00:00.000Z",
              "value": "Advisory disclosed"
            },
            {
              "lang": "en",
              "time": "2026-05-31T02:00:00.000Z",
              "value": "VulDB entry created"
            },
            {
              "lang": "en",
              "time": "2026-05-31T09:56:45.000Z",
              "value": "VulDB entry last update"
            }
          ],
          "title": "NousResearch hermes-agent memory_tool.py _scan_memory_content injection"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "assignerShortName": "VulDB",
        "cveId": "CVE-2026-10223",
        "datePublished": "2026-06-01T04:15:05.930Z",
        "dateReserved": "2026-05-31T07:51:29.252Z",
        "dateUpdated": "2026-06-01T14:56:52.653Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-10222 (GCVE-0-2026-10222)

    Vulnerability from nvd – Published: 2026-06-01 04:00 – Updated: 2026-06-01 13:16
    VLAI
    Title
    NousResearch hermes-agent config.py _sanitize_env_lines injection
    Summary
    A security flaw has been discovered in NousResearch hermes-agent up to 2026.4.30. Affected by this issue is the function _sanitize_env_lines of the file hermes_cli/config.py. The manipulation results in injection. It is possible to launch the attack remotely. The attack requires a high level of complexity. The exploitation is known to be difficult. The exploit has been released to the public and may be used for attacks. The vendor was contacted early about this disclosure but did not respond in any way.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    URL Tags
    https://vuldb.com/vuln/367501 vdb-entrytechnical-description
    https://vuldb.com/vuln/367501/cti signaturepermissions-required
    https://vuldb.com/cve/CVE-2026-10222 third-party-advisory
    https://vuldb.com/submit/822020 third-party-advisory
    https://gist.github.com/YLChen-007/7ee2eeaa383b35… exploit
    Impacted products
    Vendor Product Version
    NousResearch hermes-agent Affected: 2026.4.0
    Affected: 2026.4.1
    Affected: 2026.4.2
    Affected: 2026.4.3
    Affected: 2026.4.4
    Affected: 2026.4.5
    Affected: 2026.4.6
    Affected: 2026.4.7
    Affected: 2026.4.8
    Affected: 2026.4.9
    Affected: 2026.4.10
    Affected: 2026.4.11
    Affected: 2026.4.12
    Affected: 2026.4.13
    Affected: 2026.4.14
    Affected: 2026.4.15
    Affected: 2026.4.16
    Affected: 2026.4.17
    Affected: 2026.4.18
    Affected: 2026.4.19
    Affected: 2026.4.20
    Affected: 2026.4.21
    Affected: 2026.4.22
    Affected: 2026.4.23
    Affected: 2026.4.24
    Affected: 2026.4.25
    Affected: 2026.4.26
    Affected: 2026.4.27
    Affected: 2026.4.28
    Affected: 2026.4.29
    Affected: 2026.4.30
        cpe:2.3:a:nousresearch:hermes-agent:*:*:*:*:*:*:*:*
    Create a notification for this product.
    Credits
    Eric-j (VulDB User) VulDB CNA Team
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-10222",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-06-01T13:16:15.346798Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-06-01T13:16:34.171Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "cpes": [
                "cpe:2.3:a:nousresearch:hermes-agent:*:*:*:*:*:*:*:*"
              ],
              "product": "hermes-agent",
              "vendor": "NousResearch",
              "versions": [
                {
                  "status": "affected",
                  "version": "2026.4.0"
                },
                {
                  "status": "affected",
                  "version": "2026.4.1"
                },
                {
                  "status": "affected",
                  "version": "2026.4.2"
                },
                {
                  "status": "affected",
                  "version": "2026.4.3"
                },
                {
                  "status": "affected",
                  "version": "2026.4.4"
                },
                {
                  "status": "affected",
                  "version": "2026.4.5"
                },
                {
                  "status": "affected",
                  "version": "2026.4.6"
                },
                {
                  "status": "affected",
                  "version": "2026.4.7"
                },
                {
                  "status": "affected",
                  "version": "2026.4.8"
                },
                {
                  "status": "affected",
                  "version": "2026.4.9"
                },
                {
                  "status": "affected",
                  "version": "2026.4.10"
                },
                {
                  "status": "affected",
                  "version": "2026.4.11"
                },
                {
                  "status": "affected",
                  "version": "2026.4.12"
                },
                {
                  "status": "affected",
                  "version": "2026.4.13"
                },
                {
                  "status": "affected",
                  "version": "2026.4.14"
                },
                {
                  "status": "affected",
                  "version": "2026.4.15"
                },
                {
                  "status": "affected",
                  "version": "2026.4.16"
                },
                {
                  "status": "affected",
                  "version": "2026.4.17"
                },
                {
                  "status": "affected",
                  "version": "2026.4.18"
                },
                {
                  "status": "affected",
                  "version": "2026.4.19"
                },
                {
                  "status": "affected",
                  "version": "2026.4.20"
                },
                {
                  "status": "affected",
                  "version": "2026.4.21"
                },
                {
                  "status": "affected",
                  "version": "2026.4.22"
                },
                {
                  "status": "affected",
                  "version": "2026.4.23"
                },
                {
                  "status": "affected",
                  "version": "2026.4.24"
                },
                {
                  "status": "affected",
                  "version": "2026.4.25"
                },
                {
                  "status": "affected",
                  "version": "2026.4.26"
                },
                {
                  "status": "affected",
                  "version": "2026.4.27"
                },
                {
                  "status": "affected",
                  "version": "2026.4.28"
                },
                {
                  "status": "affected",
                  "version": "2026.4.29"
                },
                {
                  "status": "affected",
                  "version": "2026.4.30"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "value": "Eric-j (VulDB User)"
            },
            {
              "lang": "en",
              "type": "coordinator",
              "value": "VulDB CNA Team"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A security flaw has been discovered in NousResearch hermes-agent up to 2026.4.30. Affected by this issue is the function _sanitize_env_lines of the file hermes_cli/config.py. The manipulation results in injection. It is possible to launch the attack remotely. The attack requires a high level of complexity. The exploitation is known to be difficult. The exploit has been released to the public and may be used for attacks. The vendor was contacted early about this disclosure but did not respond in any way."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "baseScore": 6.3,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P",
                "version": "4.0"
              }
            },
            {
              "cvssV3_1": {
                "baseScore": 5.6,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
                "version": "3.1"
              }
            },
            {
              "cvssV3_0": {
                "baseScore": 5.6,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
                "version": "3.0"
              }
            },
            {
              "cvssV2_0": {
                "baseScore": 5.1,
                "vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:P/E:POC/RL:ND/RC:UR",
                "version": "2.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-74",
                  "description": "Injection",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            },
            {
              "descriptions": [
                {
                  "cweId": "CWE-707",
                  "description": "Improper Neutralization",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-01T04:00:11.313Z",
            "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
            "shortName": "VulDB"
          },
          "references": [
            {
              "name": "VDB-367501 | NousResearch hermes-agent config.py _sanitize_env_lines injection",
              "tags": [
                "vdb-entry",
                "technical-description"
              ],
              "url": "https://vuldb.com/vuln/367501"
            },
            {
              "name": "VDB-367501 | CTI Indicators (IOB, IOC, TTP, IOA)",
              "tags": [
                "signature",
                "permissions-required"
              ],
              "url": "https://vuldb.com/vuln/367501/cti"
            },
            {
              "name": "CVE-2026-10222 | CVE Analysis and Report",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/cve/CVE-2026-10222"
            },
            {
              "name": "Submit #822020 | NousResearch hermes-agent \u003c= v2026.4.30 Injection (CWE-74)",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/submit/822020"
            },
            {
              "tags": [
                "exploit"
              ],
              "url": "https://gist.github.com/YLChen-007/7ee2eeaa383b3540d2e8854250c03fb0"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2026-05-31T00:00:00.000Z",
              "value": "Advisory disclosed"
            },
            {
              "lang": "en",
              "time": "2026-05-31T02:00:00.000Z",
              "value": "VulDB entry created"
            },
            {
              "lang": "en",
              "time": "2026-05-31T09:56:43.000Z",
              "value": "VulDB entry last update"
            }
          ],
          "title": "NousResearch hermes-agent config.py _sanitize_env_lines injection"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "assignerShortName": "VulDB",
        "cveId": "CVE-2026-10222",
        "datePublished": "2026-06-01T04:00:11.313Z",
        "dateReserved": "2026-05-31T07:51:26.584Z",
        "dateUpdated": "2026-06-01T13:16:34.171Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-10221 (GCVE-0-2026-10221)

    Vulnerability from nvd – Published: 2026-06-01 03:45 – Updated: 2026-06-03 16:10
    VLAI
    Title
    NousResearch hermes-agent run_agent.py _compress_context injection
    Summary
    A vulnerability was identified in NousResearch hermes-agent up to 0.12.0. Affected by this vulnerability is the function _compress_context of the file run_agent.py. The manipulation leads to injection. It is possible to initiate the attack remotely. The exploit is publicly available and might be used. The vendor was contacted early about this disclosure but did not respond in any way.
    SSVC
    Exploitation: poc Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    URL Tags
    https://vuldb.com/vuln/367500 vdb-entrytechnical-description
    https://vuldb.com/vuln/367500/cti signaturepermissions-required
    https://vuldb.com/cve/CVE-2026-10221 third-party-advisory
    https://vuldb.com/submit/822019 third-party-advisory
    https://gist.github.com/YLChen-007/d343fcfe2c009c… exploit
    Impacted products
    Vendor Product Version
    NousResearch hermes-agent Affected: 0.1
    Affected: 0.2
    Affected: 0.3
    Affected: 0.4
    Affected: 0.5
    Affected: 0.6
    Affected: 0.7
    Affected: 0.8
    Affected: 0.9
    Affected: 0.10
    Affected: 0.11
    Affected: 0.12.0
        cpe:2.3:a:nousresearch:hermes-agent:*:*:*:*:*:*:*:*
    Create a notification for this product.
    Credits
    Eric-j (VulDB User) VulDB CNA Team
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-10221",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-06-03T16:10:02.984547Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-06-03T16:10:30.600Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "references": [
              {
                "tags": [
                  "exploit"
                ],
                "url": "https://vuldb.com/submit/822019"
              }
            ],
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "cpes": [
                "cpe:2.3:a:nousresearch:hermes-agent:*:*:*:*:*:*:*:*"
              ],
              "product": "hermes-agent",
              "vendor": "NousResearch",
              "versions": [
                {
                  "status": "affected",
                  "version": "0.1"
                },
                {
                  "status": "affected",
                  "version": "0.2"
                },
                {
                  "status": "affected",
                  "version": "0.3"
                },
                {
                  "status": "affected",
                  "version": "0.4"
                },
                {
                  "status": "affected",
                  "version": "0.5"
                },
                {
                  "status": "affected",
                  "version": "0.6"
                },
                {
                  "status": "affected",
                  "version": "0.7"
                },
                {
                  "status": "affected",
                  "version": "0.8"
                },
                {
                  "status": "affected",
                  "version": "0.9"
                },
                {
                  "status": "affected",
                  "version": "0.10"
                },
                {
                  "status": "affected",
                  "version": "0.11"
                },
                {
                  "status": "affected",
                  "version": "0.12.0"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "value": "Eric-j (VulDB User)"
            },
            {
              "lang": "en",
              "type": "coordinator",
              "value": "VulDB CNA Team"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability was identified in NousResearch hermes-agent up to 0.12.0. Affected by this vulnerability is the function _compress_context of the file run_agent.py. The manipulation leads to injection. It is possible to initiate the attack remotely. The exploit is publicly available and might be used. The vendor was contacted early about this disclosure but did not respond in any way."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "baseScore": 6.9,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P",
                "version": "4.0"
              }
            },
            {
              "cvssV3_1": {
                "baseScore": 7.3,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
                "version": "3.1"
              }
            },
            {
              "cvssV3_0": {
                "baseScore": 7.3,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
                "version": "3.0"
              }
            },
            {
              "cvssV2_0": {
                "baseScore": 7.5,
                "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P/E:POC/RL:ND/RC:UR",
                "version": "2.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-74",
                  "description": "Injection",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            },
            {
              "descriptions": [
                {
                  "cweId": "CWE-707",
                  "description": "Improper Neutralization",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-01T03:45:08.230Z",
            "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
            "shortName": "VulDB"
          },
          "references": [
            {
              "name": "VDB-367500 | NousResearch hermes-agent run_agent.py _compress_context injection",
              "tags": [
                "vdb-entry",
                "technical-description"
              ],
              "url": "https://vuldb.com/vuln/367500"
            },
            {
              "name": "VDB-367500 | CTI Indicators (IOB, IOC, TTP, IOA)",
              "tags": [
                "signature",
                "permissions-required"
              ],
              "url": "https://vuldb.com/vuln/367500/cti"
            },
            {
              "name": "CVE-2026-10221 | CVE Analysis and Report",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/cve/CVE-2026-10221"
            },
            {
              "name": "Submit #822019 | NousResearch hermes-agent \u003c= 0.12.0 Injection (CWE-74)",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/submit/822019"
            },
            {
              "tags": [
                "exploit"
              ],
              "url": "https://gist.github.com/YLChen-007/d343fcfe2c009cd45f56dc475fd5ac03"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2026-05-31T00:00:00.000Z",
              "value": "Advisory disclosed"
            },
            {
              "lang": "en",
              "time": "2026-05-31T02:00:00.000Z",
              "value": "VulDB entry created"
            },
            {
              "lang": "en",
              "time": "2026-05-31T09:56:40.000Z",
              "value": "VulDB entry last update"
            }
          ],
          "title": "NousResearch hermes-agent run_agent.py _compress_context injection"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "assignerShortName": "VulDB",
        "cveId": "CVE-2026-10221",
        "datePublished": "2026-06-01T03:45:08.230Z",
        "dateReserved": "2026-05-31T07:51:23.739Z",
        "dateUpdated": "2026-06-03T16:10:30.600Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-10220 (GCVE-0-2026-10220)

    Vulnerability from nvd – Published: 2026-06-01 03:30 – Updated: 2026-06-02 15:01
    VLAI
    Title
    NousResearch hermes-agent skills_tool.py skill_view injection
    Summary
    A vulnerability was determined in NousResearch hermes-agent up to 2026.4.30. Affected is the function _serve_plugin_skill/skill_view of the file tools/skills_tool.py. Executing a manipulation can lead to injection. The attack may be performed from remote. The exploit has been publicly disclosed and may be utilized. The vendor was contacted early about this disclosure but did not respond in any way.
    SSVC
    Exploitation: poc Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    URL Tags
    https://vuldb.com/vuln/367499 vdb-entrytechnical-description
    https://vuldb.com/vuln/367499/cti signaturepermissions-required
    https://vuldb.com/cve/CVE-2026-10220 third-party-advisory
    https://vuldb.com/submit/822018 third-party-advisory
    https://gist.github.com/YLChen-007/9dd399c6f75b31… exploit
    Impacted products
    Vendor Product Version
    NousResearch hermes-agent Affected: 2026.4.0
    Affected: 2026.4.1
    Affected: 2026.4.2
    Affected: 2026.4.3
    Affected: 2026.4.4
    Affected: 2026.4.5
    Affected: 2026.4.6
    Affected: 2026.4.7
    Affected: 2026.4.8
    Affected: 2026.4.9
    Affected: 2026.4.10
    Affected: 2026.4.11
    Affected: 2026.4.12
    Affected: 2026.4.13
    Affected: 2026.4.14
    Affected: 2026.4.15
    Affected: 2026.4.16
    Affected: 2026.4.17
    Affected: 2026.4.18
    Affected: 2026.4.19
    Affected: 2026.4.20
    Affected: 2026.4.21
    Affected: 2026.4.22
    Affected: 2026.4.23
    Affected: 2026.4.24
    Affected: 2026.4.25
    Affected: 2026.4.26
    Affected: 2026.4.27
    Affected: 2026.4.28
    Affected: 2026.4.29
    Affected: 2026.4.30
        cpe:2.3:a:nousresearch:hermes-agent:*:*:*:*:*:*:*:*
    Create a notification for this product.
    Credits
    Eric-j (VulDB User) VulDB CNA Team
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-10220",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-06-02T15:00:49.932890Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-06-02T15:01:06.947Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "cpes": [
                "cpe:2.3:a:nousresearch:hermes-agent:*:*:*:*:*:*:*:*"
              ],
              "product": "hermes-agent",
              "vendor": "NousResearch",
              "versions": [
                {
                  "status": "affected",
                  "version": "2026.4.0"
                },
                {
                  "status": "affected",
                  "version": "2026.4.1"
                },
                {
                  "status": "affected",
                  "version": "2026.4.2"
                },
                {
                  "status": "affected",
                  "version": "2026.4.3"
                },
                {
                  "status": "affected",
                  "version": "2026.4.4"
                },
                {
                  "status": "affected",
                  "version": "2026.4.5"
                },
                {
                  "status": "affected",
                  "version": "2026.4.6"
                },
                {
                  "status": "affected",
                  "version": "2026.4.7"
                },
                {
                  "status": "affected",
                  "version": "2026.4.8"
                },
                {
                  "status": "affected",
                  "version": "2026.4.9"
                },
                {
                  "status": "affected",
                  "version": "2026.4.10"
                },
                {
                  "status": "affected",
                  "version": "2026.4.11"
                },
                {
                  "status": "affected",
                  "version": "2026.4.12"
                },
                {
                  "status": "affected",
                  "version": "2026.4.13"
                },
                {
                  "status": "affected",
                  "version": "2026.4.14"
                },
                {
                  "status": "affected",
                  "version": "2026.4.15"
                },
                {
                  "status": "affected",
                  "version": "2026.4.16"
                },
                {
                  "status": "affected",
                  "version": "2026.4.17"
                },
                {
                  "status": "affected",
                  "version": "2026.4.18"
                },
                {
                  "status": "affected",
                  "version": "2026.4.19"
                },
                {
                  "status": "affected",
                  "version": "2026.4.20"
                },
                {
                  "status": "affected",
                  "version": "2026.4.21"
                },
                {
                  "status": "affected",
                  "version": "2026.4.22"
                },
                {
                  "status": "affected",
                  "version": "2026.4.23"
                },
                {
                  "status": "affected",
                  "version": "2026.4.24"
                },
                {
                  "status": "affected",
                  "version": "2026.4.25"
                },
                {
                  "status": "affected",
                  "version": "2026.4.26"
                },
                {
                  "status": "affected",
                  "version": "2026.4.27"
                },
                {
                  "status": "affected",
                  "version": "2026.4.28"
                },
                {
                  "status": "affected",
                  "version": "2026.4.29"
                },
                {
                  "status": "affected",
                  "version": "2026.4.30"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "value": "Eric-j (VulDB User)"
            },
            {
              "lang": "en",
              "type": "coordinator",
              "value": "VulDB CNA Team"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability was determined in NousResearch hermes-agent up to 2026.4.30. Affected is the function _serve_plugin_skill/skill_view of the file tools/skills_tool.py. Executing a manipulation can lead to injection. The attack may be performed from remote. The exploit has been publicly disclosed and may be utilized. The vendor was contacted early about this disclosure but did not respond in any way."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "baseScore": 6.9,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P",
                "version": "4.0"
              }
            },
            {
              "cvssV3_1": {
                "baseScore": 7.3,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
                "version": "3.1"
              }
            },
            {
              "cvssV3_0": {
                "baseScore": 7.3,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
                "version": "3.0"
              }
            },
            {
              "cvssV2_0": {
                "baseScore": 7.5,
                "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P/E:POC/RL:ND/RC:UR",
                "version": "2.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-74",
                  "description": "Injection",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            },
            {
              "descriptions": [
                {
                  "cweId": "CWE-707",
                  "description": "Improper Neutralization",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-01T03:30:09.923Z",
            "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
            "shortName": "VulDB"
          },
          "references": [
            {
              "name": "VDB-367499 | NousResearch hermes-agent skills_tool.py skill_view injection",
              "tags": [
                "vdb-entry",
                "technical-description"
              ],
              "url": "https://vuldb.com/vuln/367499"
            },
            {
              "name": "VDB-367499 | CTI Indicators (IOB, IOC, TTP, IOA)",
              "tags": [
                "signature",
                "permissions-required"
              ],
              "url": "https://vuldb.com/vuln/367499/cti"
            },
            {
              "name": "CVE-2026-10220 | CVE Analysis and Report",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/cve/CVE-2026-10220"
            },
            {
              "name": "Submit #822018 | NousResearch hermes-agent \u003c= v2026.4.30 Improper Input Validation (CWE-20)",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/submit/822018"
            },
            {
              "tags": [
                "exploit"
              ],
              "url": "https://gist.github.com/YLChen-007/9dd399c6f75b31fa741a613dfd41de08"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2026-05-31T00:00:00.000Z",
              "value": "Advisory disclosed"
            },
            {
              "lang": "en",
              "time": "2026-05-31T02:00:00.000Z",
              "value": "VulDB entry created"
            },
            {
              "lang": "en",
              "time": "2026-05-31T09:56:37.000Z",
              "value": "VulDB entry last update"
            }
          ],
          "title": "NousResearch hermes-agent skills_tool.py skill_view injection"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "assignerShortName": "VulDB",
        "cveId": "CVE-2026-10220",
        "datePublished": "2026-06-01T03:30:09.923Z",
        "dateReserved": "2026-05-31T07:51:21.351Z",
        "dateUpdated": "2026-06-02T15:01:06.947Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-15311 (GCVE-0-2026-15311)

    Vulnerability from cvelistv5 – Published: 2026-07-09 23:45 – Updated: 2026-07-10 14:12
    VLAI
    Title
    NousResearch hermes-agent Matrix Adapter matrix.py MatrixAdapter._markdown_to_html cross site scripting
    Summary
    A vulnerability was identified in NousResearch hermes-agent up to 2026.5.29.2. Affected by this issue is the function MatrixAdapter._markdown_to_html of the file gateway/platforms/matrix.py of the component Matrix Adapter. Such manipulation leads to cross site scripting. The attack can be executed remotely. The exploit is publicly available and might be used. The pull request to fix this issue awaits acceptance.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    Impacted products
    Vendor Product Version
    NousResearch hermes-agent Affected: 2026.5.29.0
    Affected: 2026.5.29.1
    Affected: 2026.5.29.2
        cpe:2.3:a:nousresearch:hermes-agent:*:*:*:*:*:*:*:*
    Create a notification for this product.
    Credits
    Eric-d (VulDB User) VulDB CNA Team
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-15311",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-10T14:12:35.059940Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-10T14:12:45.061Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "cpes": [
                "cpe:2.3:a:nousresearch:hermes-agent:*:*:*:*:*:*:*:*"
              ],
              "modules": [
                "Matrix Adapter"
              ],
              "product": "hermes-agent",
              "vendor": "NousResearch",
              "versions": [
                {
                  "status": "affected",
                  "version": "2026.5.29.0"
                },
                {
                  "status": "affected",
                  "version": "2026.5.29.1"
                },
                {
                  "status": "affected",
                  "version": "2026.5.29.2"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "value": "Eric-d (VulDB User)"
            },
            {
              "lang": "en",
              "type": "coordinator",
              "value": "VulDB CNA Team"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability was identified in NousResearch hermes-agent up to 2026.5.29.2. Affected by this issue is the function MatrixAdapter._markdown_to_html of the file gateway/platforms/matrix.py of the component Matrix Adapter. Such manipulation leads to cross site scripting. The attack can be executed remotely. The exploit is publicly available and might be used. The pull request to fix this issue awaits acceptance."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "baseScore": 5.1,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P",
                "version": "4.0"
              }
            },
            {
              "cvssV3_1": {
                "baseScore": 3.5,
                "baseSeverity": "LOW",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N/E:P/RL:X/RC:C",
                "version": "3.1"
              }
            },
            {
              "cvssV3_0": {
                "baseScore": 3.5,
                "baseSeverity": "LOW",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N/E:P/RL:X/RC:C",
                "version": "3.0"
              }
            },
            {
              "cvssV2_0": {
                "baseScore": 4,
                "vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N/E:POC/RL:ND/RC:C",
                "version": "2.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-79",
                  "description": "Cross Site Scripting",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            },
            {
              "descriptions": [
                {
                  "cweId": "CWE-94",
                  "description": "Code Injection",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-09T23:45:10.318Z",
            "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
            "shortName": "VulDB"
          },
          "references": [
            {
              "name": "VDB-377247 | NousResearch hermes-agent Matrix Adapter matrix.py MatrixAdapter._markdown_to_html cross site scripting",
              "tags": [
                "vdb-entry",
                "technical-description"
              ],
              "url": "https://vuldb.com/vuln/377247"
            },
            {
              "name": "VDB-377247 | CTI Indicators (IOB, IOC, TTP, IOA)",
              "tags": [
                "signature",
                "permissions-required"
              ],
              "url": "https://vuldb.com/vuln/377247/cti"
            },
            {
              "name": "CVE-2026-15311 | CVE Analysis and Report",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/cve/CVE-2026-15311"
            },
            {
              "name": "Submit #852843 | NousResearch hermes-agent 2026.5.29.2 Cross-site Scripting (CWE-79)",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/submit/852843"
            },
            {
              "tags": [
                "exploit",
                "issue-tracking"
              ],
              "url": "https://github.com/NousResearch/hermes-agent/issues/42667"
            },
            {
              "tags": [
                "issue-tracking",
                "patch"
              ],
              "url": "https://github.com/NousResearch/hermes-agent/pull/42759"
            },
            {
              "tags": [
                "product"
              ],
              "url": "https://github.com/NousResearch/hermes-agent/"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2026-07-09T00:00:00.000Z",
              "value": "Advisory disclosed"
            },
            {
              "lang": "en",
              "time": "2026-07-09T02:00:00.000Z",
              "value": "VulDB entry created"
            },
            {
              "lang": "en",
              "time": "2026-07-09T19:54:35.000Z",
              "value": "VulDB entry last update"
            }
          ],
          "title": "NousResearch hermes-agent Matrix Adapter matrix.py MatrixAdapter._markdown_to_html cross site scripting"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "assignerShortName": "VulDB",
        "cveId": "CVE-2026-15311",
        "datePublished": "2026-07-09T23:45:10.318Z",
        "dateReserved": "2026-07-09T17:49:30.256Z",
        "dateUpdated": "2026-07-10T14:12:45.061Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-14783 (GCVE-0-2026-14783)

    Vulnerability from cvelistv5 – Published: 2026-07-05 23:45 – Updated: 2026-07-06 17:39 X_Open Source
    VLAI
    Title
    NousResearch hermes-agent skills_tool.py skill_view path traversal
    Summary
    A vulnerability was determined in NousResearch hermes-agent 2026.5.29.2. The impacted element is the function skill_view of the file tools/skills_tool.py. Executing a manipulation of the argument Name can lead to path traversal. The attack can be launched remotely. The exploit has been publicly disclosed and may be utilized. This patch is called 56f833efa427ccb444c0f9ad1759af1012f2124d. It is advisable to implement a patch to correct this issue.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    Impacted products
    Vendor Product Version
    NousResearch hermes-agent Affected: 2026.5.29.2
        cpe:2.3:a:nousresearch:hermes-agent:*:*:*:*:*:*:*:*
    Create a notification for this product.
    Credits
    Eric-y (VulDB User)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-14783",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-06T17:39:52.184423Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-06T17:39:58.056Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "references": [
              {
                "tags": [
                  "exploit"
                ],
                "url": "https://vuldb.com/submit/847502"
              }
            ],
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "cpes": [
                "cpe:2.3:a:nousresearch:hermes-agent:*:*:*:*:*:*:*:*"
              ],
              "product": "hermes-agent",
              "vendor": "NousResearch",
              "versions": [
                {
                  "status": "affected",
                  "version": "2026.5.29.2"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "value": "Eric-y (VulDB User)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability was determined in NousResearch hermes-agent 2026.5.29.2. The impacted element is the function skill_view of the file tools/skills_tool.py. Executing a manipulation of the argument Name can lead to path traversal. The attack can be launched remotely. The exploit has been publicly disclosed and may be utilized. This patch is called 56f833efa427ccb444c0f9ad1759af1012f2124d. It is advisable to implement a patch to correct this issue."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "baseScore": 5.3,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P",
                "version": "4.0"
              }
            },
            {
              "cvssV3_1": {
                "baseScore": 4.3,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C",
                "version": "3.1"
              }
            },
            {
              "cvssV3_0": {
                "baseScore": 4.3,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C",
                "version": "3.0"
              }
            },
            {
              "cvssV2_0": {
                "baseScore": 4,
                "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N/E:POC/RL:OF/RC:C",
                "version": "2.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-22",
                  "description": "Path Traversal",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-05T23:45:10.833Z",
            "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
            "shortName": "VulDB"
          },
          "references": [
            {
              "name": "VDB-376373 | NousResearch hermes-agent skills_tool.py skill_view path traversal",
              "tags": [
                "vdb-entry",
                "technical-description"
              ],
              "url": "https://vuldb.com/vuln/376373"
            },
            {
              "name": "VDB-376373 | CTI Indicators (IOB, IOC, TTP, IOA)",
              "tags": [
                "signature",
                "permissions-required"
              ],
              "url": "https://vuldb.com/vuln/376373/cti"
            },
            {
              "name": "CVE-2026-14783 | CVE Analysis and Report",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/cve/CVE-2026-14783"
            },
            {
              "name": "Submit #847502 | NousResearch hermes-agent 2026.5.29.2 Improper Limitation of a Pathname to a Restricted Directory (Path Traversal) (CWE-22)",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/submit/847502"
            },
            {
              "tags": [
                "exploit",
                "issue-tracking"
              ],
              "url": "https://github.com/NousResearch/hermes-agent/issues/38643"
            },
            {
              "tags": [
                "issue-tracking",
                "patch"
              ],
              "url": "https://github.com/NousResearch/hermes-agent/pull/40566"
            },
            {
              "tags": [
                "patch"
              ],
              "url": "https://github.com/NousResearch/hermes-agent/commit/56f833efa427ccb444c0f9ad1759af1012f2124d"
            },
            {
              "tags": [
                "product"
              ],
              "url": "https://github.com/NousResearch/hermes-agent/"
            }
          ],
          "tags": [
            "x_open-source"
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2026-07-05T00:00:00.000Z",
              "value": "Advisory disclosed"
            },
            {
              "lang": "en",
              "time": "2026-07-05T02:00:00.000Z",
              "value": "VulDB entry created"
            },
            {
              "lang": "en",
              "time": "2026-07-05T16:05:43.000Z",
              "value": "VulDB entry last update"
            }
          ],
          "title": "NousResearch hermes-agent skills_tool.py skill_view path traversal"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "assignerShortName": "VulDB",
        "cveId": "CVE-2026-14783",
        "datePublished": "2026-07-05T23:45:10.833Z",
        "dateReserved": "2026-07-05T14:00:38.992Z",
        "dateUpdated": "2026-07-06T17:39:58.056Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-14628 (GCVE-0-2026-14628)

    Vulnerability from cvelistv5 – Published: 2026-07-04 13:00 – Updated: 2026-07-06 16:25
    VLAI
    Title
    NousResearch hermes-agent Live Webhook Endpoint base.py extract_media path traversal
    Summary
    A vulnerability was detected in NousResearch hermes-agent up to 2026.5.16. This impacts the function extract_media of the file gateway/platforms/base.py of the component Live Webhook Endpoint. Performing a manipulation results in path traversal. The attack may be initiated remotely. The exploit is now public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
    SSVC
    Exploitation: poc Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    URL Tags
    https://vuldb.com/vuln/376144 vdb-entrytechnical-description
    https://vuldb.com/vuln/376144/cti signaturepermissions-required
    https://vuldb.com/cve/CVE-2026-14628 third-party-advisory
    https://vuldb.com/submit/845599 third-party-advisory
    https://gist.github.com/YLChen-007/8af7eff27b50be… exploit
    Impacted products
    Vendor Product Version
    NousResearch hermes-agent Affected: 2026.5.0
    Affected: 2026.5.1
    Affected: 2026.5.2
    Affected: 2026.5.3
    Affected: 2026.5.4
    Affected: 2026.5.5
    Affected: 2026.5.6
    Affected: 2026.5.7
    Affected: 2026.5.8
    Affected: 2026.5.9
    Affected: 2026.5.10
    Affected: 2026.5.11
    Affected: 2026.5.12
    Affected: 2026.5.13
    Affected: 2026.5.14
    Affected: 2026.5.15
    Affected: 2026.5.16
        cpe:2.3:a:nousresearch:hermes-agent:*:*:*:*:*:*:*:*
    Create a notification for this product.
    Credits
    Eric-a (VulDB User) VulDB CNA Team
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-14628",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-06T16:25:04.744864Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-06T16:25:15.490Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "cpes": [
                "cpe:2.3:a:nousresearch:hermes-agent:*:*:*:*:*:*:*:*"
              ],
              "modules": [
                "Live Webhook Endpoint"
              ],
              "product": "hermes-agent",
              "vendor": "NousResearch",
              "versions": [
                {
                  "status": "affected",
                  "version": "2026.5.0"
                },
                {
                  "status": "affected",
                  "version": "2026.5.1"
                },
                {
                  "status": "affected",
                  "version": "2026.5.2"
                },
                {
                  "status": "affected",
                  "version": "2026.5.3"
                },
                {
                  "status": "affected",
                  "version": "2026.5.4"
                },
                {
                  "status": "affected",
                  "version": "2026.5.5"
                },
                {
                  "status": "affected",
                  "version": "2026.5.6"
                },
                {
                  "status": "affected",
                  "version": "2026.5.7"
                },
                {
                  "status": "affected",
                  "version": "2026.5.8"
                },
                {
                  "status": "affected",
                  "version": "2026.5.9"
                },
                {
                  "status": "affected",
                  "version": "2026.5.10"
                },
                {
                  "status": "affected",
                  "version": "2026.5.11"
                },
                {
                  "status": "affected",
                  "version": "2026.5.12"
                },
                {
                  "status": "affected",
                  "version": "2026.5.13"
                },
                {
                  "status": "affected",
                  "version": "2026.5.14"
                },
                {
                  "status": "affected",
                  "version": "2026.5.15"
                },
                {
                  "status": "affected",
                  "version": "2026.5.16"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "value": "Eric-a (VulDB User)"
            },
            {
              "lang": "en",
              "type": "coordinator",
              "value": "VulDB CNA Team"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability was detected in NousResearch hermes-agent up to 2026.5.16. This impacts the function extract_media of the file gateway/platforms/base.py of the component Live Webhook Endpoint. Performing a manipulation results in path traversal. The attack may be initiated remotely. The exploit is now public and may be used. The vendor was contacted early about this disclosure but did not respond in any way."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "baseScore": 6.9,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P",
                "version": "4.0"
              }
            },
            {
              "cvssV3_1": {
                "baseScore": 5.3,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:P/RL:X/RC:R",
                "version": "3.1"
              }
            },
            {
              "cvssV3_0": {
                "baseScore": 5.3,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:P/RL:X/RC:R",
                "version": "3.0"
              }
            },
            {
              "cvssV2_0": {
                "baseScore": 5,
                "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N/E:POC/RL:ND/RC:UR",
                "version": "2.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-22",
                  "description": "Path Traversal",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-04T13:00:08.104Z",
            "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
            "shortName": "VulDB"
          },
          "references": [
            {
              "name": "VDB-376144 | NousResearch hermes-agent Live Webhook Endpoint base.py extract_media path traversal",
              "tags": [
                "vdb-entry",
                "technical-description"
              ],
              "url": "https://vuldb.com/vuln/376144"
            },
            {
              "name": "VDB-376144 | CTI Indicators (IOB, IOC, TTP, IOA)",
              "tags": [
                "signature",
                "permissions-required"
              ],
              "url": "https://vuldb.com/vuln/376144/cti"
            },
            {
              "name": "CVE-2026-14628 | CVE Analysis and Report",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/cve/CVE-2026-14628"
            },
            {
              "name": "Submit #845599 | NousResearch Hermes Agent \u003c= v2026.5.16 Path Traversal / Improper Limitation of a Pathname to a Restricted Directory (CWE-22)",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/submit/845599"
            },
            {
              "tags": [
                "exploit"
              ],
              "url": "https://gist.github.com/YLChen-007/8af7eff27b50bec24b2d0f76dd1c4383"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2026-07-03T00:00:00.000Z",
              "value": "Advisory disclosed"
            },
            {
              "lang": "en",
              "time": "2026-07-03T02:00:00.000Z",
              "value": "VulDB entry created"
            },
            {
              "lang": "en",
              "time": "2026-07-03T19:13:07.000Z",
              "value": "VulDB entry last update"
            }
          ],
          "title": "NousResearch hermes-agent Live Webhook Endpoint base.py extract_media path traversal"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "assignerShortName": "VulDB",
        "cveId": "CVE-2026-14628",
        "datePublished": "2026-07-04T13:00:08.104Z",
        "dateReserved": "2026-07-03T17:07:53.319Z",
        "dateUpdated": "2026-07-06T16:25:15.490Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-14627 (GCVE-0-2026-14627)

    Vulnerability from cvelistv5 – Published: 2026-07-04 12:45 – Updated: 2026-07-06 16:51
    VLAI
    Title
    NousResearch hermes-agent Discord Platform Integration discord.py DiscordAdapter._is_allowed_user improper authentication
    Summary
    A security vulnerability has been detected in NousResearch hermes-agent up to 0.15.2. This affects the function DiscordAdapter._is_allowed_user of the file gateway/platforms/discord.py of the component Discord Platform Integration. Such manipulation leads to improper authentication. The attack can be launched remotely. This attack is characterized by high complexity. The exploitability is reported as difficult. The exploit has been disclosed publicly and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-287 - Improper Authentication
    Assigner
    References
    URL Tags
    https://vuldb.com/vuln/376143 vdb-entrytechnical-description
    https://vuldb.com/vuln/376143/cti signaturepermissions-required
    https://vuldb.com/cve/CVE-2026-14627 third-party-advisory
    https://vuldb.com/submit/845598 third-party-advisory
    https://gist.github.com/YLChen-007/d030c690b10a97… exploit
    Impacted products
    Vendor Product Version
    NousResearch hermes-agent Affected: 0.15.0
    Affected: 0.15.1
    Affected: 0.15.2
        cpe:2.3:a:nousresearch:hermes-agent:*:*:*:*:*:*:*:*
    Create a notification for this product.
    Credits
    Eric-a (VulDB User) VulDB CNA Team
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-14627",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-06T16:36:18.904042Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-06T16:51:32.667Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "cpes": [
                "cpe:2.3:a:nousresearch:hermes-agent:*:*:*:*:*:*:*:*"
              ],
              "modules": [
                "Discord Platform Integration"
              ],
              "product": "hermes-agent",
              "vendor": "NousResearch",
              "versions": [
                {
                  "status": "affected",
                  "version": "0.15.0"
                },
                {
                  "status": "affected",
                  "version": "0.15.1"
                },
                {
                  "status": "affected",
                  "version": "0.15.2"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "value": "Eric-a (VulDB User)"
            },
            {
              "lang": "en",
              "type": "coordinator",
              "value": "VulDB CNA Team"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A security vulnerability has been detected in NousResearch hermes-agent up to 0.15.2. This affects the function DiscordAdapter._is_allowed_user of the file gateway/platforms/discord.py of the component Discord Platform Integration. Such manipulation leads to improper authentication. The attack can be launched remotely. This attack is characterized by high complexity. The exploitability is reported as difficult. The exploit has been disclosed publicly and may be used. The vendor was contacted early about this disclosure but did not respond in any way."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "baseScore": 6.3,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P",
                "version": "4.0"
              }
            },
            {
              "cvssV3_1": {
                "baseScore": 5.6,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
                "version": "3.1"
              }
            },
            {
              "cvssV3_0": {
                "baseScore": 5.6,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
                "version": "3.0"
              }
            },
            {
              "cvssV2_0": {
                "baseScore": 5.1,
                "vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:P/E:POC/RL:ND/RC:UR",
                "version": "2.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-287",
                  "description": "Improper Authentication",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-04T12:45:06.333Z",
            "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
            "shortName": "VulDB"
          },
          "references": [
            {
              "name": "VDB-376143 | NousResearch hermes-agent Discord Platform Integration discord.py DiscordAdapter._is_allowed_user improper authentication",
              "tags": [
                "vdb-entry",
                "technical-description"
              ],
              "url": "https://vuldb.com/vuln/376143"
            },
            {
              "name": "VDB-376143 | CTI Indicators (IOB, IOC, IOA)",
              "tags": [
                "signature",
                "permissions-required"
              ],
              "url": "https://vuldb.com/vuln/376143/cti"
            },
            {
              "name": "CVE-2026-14627 | CVE Analysis and Report",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/cve/CVE-2026-14627"
            },
            {
              "name": "Submit #845598 | NousResearch Hermes Agent \u003c= 75cbdfd06b Improper Authentication (CWE-287)",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/submit/845598"
            },
            {
              "tags": [
                "exploit"
              ],
              "url": "https://gist.github.com/YLChen-007/d030c690b10a97319efb129ca2f5badb"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2026-07-03T00:00:00.000Z",
              "value": "Advisory disclosed"
            },
            {
              "lang": "en",
              "time": "2026-07-03T02:00:00.000Z",
              "value": "VulDB entry created"
            },
            {
              "lang": "en",
              "time": "2026-07-03T19:13:04.000Z",
              "value": "VulDB entry last update"
            }
          ],
          "title": "NousResearch hermes-agent Discord Platform Integration discord.py DiscordAdapter._is_allowed_user improper authentication"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "assignerShortName": "VulDB",
        "cveId": "CVE-2026-14627",
        "datePublished": "2026-07-04T12:45:06.333Z",
        "dateReserved": "2026-07-03T17:07:50.732Z",
        "dateUpdated": "2026-07-06T16:51:32.667Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-14626 (GCVE-0-2026-14626)

    Vulnerability from cvelistv5 – Published: 2026-07-04 12:00 – Updated: 2026-07-07 02:29
    VLAI
    Title
    NousResearch hermes-agent HTTP API run_agent.py AIAgent.run_conversation denial of service
    Summary
    A weakness has been identified in NousResearch hermes-agent up to 2026.4.30. The impacted element is the function AIAgent.run_conversation of the file run_agent.py of the component HTTP API. This manipulation of the argument todos causes denial of service. The attack can be initiated remotely. The exploit has been made available to the public and could be used for attacks. The vendor was contacted early about this disclosure but did not respond in any way.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    URL Tags
    https://vuldb.com/vuln/376142 vdb-entrytechnical-description
    https://vuldb.com/vuln/376142/cti signaturepermissions-required
    https://vuldb.com/cve/CVE-2026-14626 third-party-advisory
    https://vuldb.com/submit/845596 third-party-advisory
    https://gist.github.com/YLChen-007/b91a85f9448bea… exploit
    Impacted products
    Vendor Product Version
    NousResearch hermes-agent Affected: 2026.4.0
    Affected: 2026.4.1
    Affected: 2026.4.2
    Affected: 2026.4.3
    Affected: 2026.4.4
    Affected: 2026.4.5
    Affected: 2026.4.6
    Affected: 2026.4.7
    Affected: 2026.4.8
    Affected: 2026.4.9
    Affected: 2026.4.10
    Affected: 2026.4.11
    Affected: 2026.4.12
    Affected: 2026.4.13
    Affected: 2026.4.14
    Affected: 2026.4.15
    Affected: 2026.4.16
    Affected: 2026.4.17
    Affected: 2026.4.18
    Affected: 2026.4.19
    Affected: 2026.4.20
    Affected: 2026.4.21
    Affected: 2026.4.22
    Affected: 2026.4.23
    Affected: 2026.4.24
    Affected: 2026.4.25
    Affected: 2026.4.26
    Affected: 2026.4.27
    Affected: 2026.4.28
    Affected: 2026.4.29
    Affected: 2026.4.30
        cpe:2.3:a:nousresearch:hermes-agent:*:*:*:*:*:*:*:*
    Create a notification for this product.
    Credits
    Eric-a (VulDB User) VulDB CNA Team
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-14626",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-07T02:29:16.781487Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-07T02:29:27.952Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "cpes": [
                "cpe:2.3:a:nousresearch:hermes-agent:*:*:*:*:*:*:*:*"
              ],
              "modules": [
                "HTTP API"
              ],
              "product": "hermes-agent",
              "vendor": "NousResearch",
              "versions": [
                {
                  "status": "affected",
                  "version": "2026.4.0"
                },
                {
                  "status": "affected",
                  "version": "2026.4.1"
                },
                {
                  "status": "affected",
                  "version": "2026.4.2"
                },
                {
                  "status": "affected",
                  "version": "2026.4.3"
                },
                {
                  "status": "affected",
                  "version": "2026.4.4"
                },
                {
                  "status": "affected",
                  "version": "2026.4.5"
                },
                {
                  "status": "affected",
                  "version": "2026.4.6"
                },
                {
                  "status": "affected",
                  "version": "2026.4.7"
                },
                {
                  "status": "affected",
                  "version": "2026.4.8"
                },
                {
                  "status": "affected",
                  "version": "2026.4.9"
                },
                {
                  "status": "affected",
                  "version": "2026.4.10"
                },
                {
                  "status": "affected",
                  "version": "2026.4.11"
                },
                {
                  "status": "affected",
                  "version": "2026.4.12"
                },
                {
                  "status": "affected",
                  "version": "2026.4.13"
                },
                {
                  "status": "affected",
                  "version": "2026.4.14"
                },
                {
                  "status": "affected",
                  "version": "2026.4.15"
                },
                {
                  "status": "affected",
                  "version": "2026.4.16"
                },
                {
                  "status": "affected",
                  "version": "2026.4.17"
                },
                {
                  "status": "affected",
                  "version": "2026.4.18"
                },
                {
                  "status": "affected",
                  "version": "2026.4.19"
                },
                {
                  "status": "affected",
                  "version": "2026.4.20"
                },
                {
                  "status": "affected",
                  "version": "2026.4.21"
                },
                {
                  "status": "affected",
                  "version": "2026.4.22"
                },
                {
                  "status": "affected",
                  "version": "2026.4.23"
                },
                {
                  "status": "affected",
                  "version": "2026.4.24"
                },
                {
                  "status": "affected",
                  "version": "2026.4.25"
                },
                {
                  "status": "affected",
                  "version": "2026.4.26"
                },
                {
                  "status": "affected",
                  "version": "2026.4.27"
                },
                {
                  "status": "affected",
                  "version": "2026.4.28"
                },
                {
                  "status": "affected",
                  "version": "2026.4.29"
                },
                {
                  "status": "affected",
                  "version": "2026.4.30"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "value": "Eric-a (VulDB User)"
            },
            {
              "lang": "en",
              "type": "coordinator",
              "value": "VulDB CNA Team"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A weakness has been identified in NousResearch hermes-agent up to 2026.4.30. The impacted element is the function AIAgent.run_conversation of the file run_agent.py of the component HTTP API. This manipulation of the argument todos causes denial of service. The attack can be initiated remotely. The exploit has been made available to the public and could be used for attacks. The vendor was contacted early about this disclosure but did not respond in any way."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "baseScore": 5.3,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P",
                "version": "4.0"
              }
            },
            {
              "cvssV3_1": {
                "baseScore": 4.3,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:X/RC:R",
                "version": "3.1"
              }
            },
            {
              "cvssV3_0": {
                "baseScore": 4.3,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:X/RC:R",
                "version": "3.0"
              }
            },
            {
              "cvssV2_0": {
                "baseScore": 4,
                "vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:P/E:POC/RL:ND/RC:UR",
                "version": "2.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-404",
                  "description": "Denial of Service",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-04T12:00:07.960Z",
            "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
            "shortName": "VulDB"
          },
          "references": [
            {
              "name": "VDB-376142 | NousResearch hermes-agent HTTP API run_agent.py AIAgent.run_conversation denial of service",
              "tags": [
                "vdb-entry",
                "technical-description"
              ],
              "url": "https://vuldb.com/vuln/376142"
            },
            {
              "name": "VDB-376142 | CTI Indicators (IOB, IOC, TTP, IOA)",
              "tags": [
                "signature",
                "permissions-required"
              ],
              "url": "https://vuldb.com/vuln/376142/cti"
            },
            {
              "name": "CVE-2026-14626 | CVE Analysis and Report",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/cve/CVE-2026-14626"
            },
            {
              "name": "Submit #845596 | NousResearch Hermes Agent \u003c= v2026.4.30 Insufficient Verification of Data Authenticity (CWE-345)",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/submit/845596"
            },
            {
              "tags": [
                "exploit"
              ],
              "url": "https://gist.github.com/YLChen-007/b91a85f9448beadebe25d37a3f4fd760"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2026-07-03T00:00:00.000Z",
              "value": "Advisory disclosed"
            },
            {
              "lang": "en",
              "time": "2026-07-03T02:00:00.000Z",
              "value": "VulDB entry created"
            },
            {
              "lang": "en",
              "time": "2026-07-03T19:13:02.000Z",
              "value": "VulDB entry last update"
            }
          ],
          "title": "NousResearch hermes-agent HTTP API run_agent.py AIAgent.run_conversation denial of service"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "assignerShortName": "VulDB",
        "cveId": "CVE-2026-14626",
        "datePublished": "2026-07-04T12:00:07.960Z",
        "dateReserved": "2026-07-03T17:07:48.069Z",
        "dateUpdated": "2026-07-07T02:29:27.952Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-14625 (GCVE-0-2026-14625)

    Vulnerability from cvelistv5 – Published: 2026-07-04 11:30 – Updated: 2026-07-06 17:12
    VLAI
    Title
    NousResearch hermes-agent server.py shell.exec protection mechanism
    Summary
    A security flaw has been discovered in NousResearch hermes-agent up to 0.15.2. The affected element is the function shell.exec of the file tui_gateway/server.py. The manipulation results in protection mechanism failure. It is possible to launch the attack remotely. The exploit has been released to the public and may be used for attacks. The vendor was contacted early about this disclosure but did not respond in any way.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-693 - Protection Mechanism Failure
    Assigner
    References
    URL Tags
    https://vuldb.com/vuln/376141 vdb-entrytechnical-description
    https://vuldb.com/vuln/376141/cti signaturepermissions-required
    https://vuldb.com/cve/CVE-2026-14625 third-party-advisory
    https://vuldb.com/submit/845595 third-party-advisory
    https://gist.github.com/YLChen-007/3b11589740dcf1… exploit
    Impacted products
    Vendor Product Version
    NousResearch hermes-agent Affected: 0.15.0
    Affected: 0.15.1
    Affected: 0.15.2
        cpe:2.3:a:nousresearch:hermes-agent:*:*:*:*:*:*:*:*
    Create a notification for this product.
    Credits
    Eric-a (VulDB User) VulDB CNA Team
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-14625",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-06T17:12:07.602124Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-06T17:12:17.826Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "cpes": [
                "cpe:2.3:a:nousresearch:hermes-agent:*:*:*:*:*:*:*:*"
              ],
              "product": "hermes-agent",
              "vendor": "NousResearch",
              "versions": [
                {
                  "status": "affected",
                  "version": "0.15.0"
                },
                {
                  "status": "affected",
                  "version": "0.15.1"
                },
                {
                  "status": "affected",
                  "version": "0.15.2"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "value": "Eric-a (VulDB User)"
            },
            {
              "lang": "en",
              "type": "coordinator",
              "value": "VulDB CNA Team"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A security flaw has been discovered in NousResearch hermes-agent up to 0.15.2. The affected element is the function shell.exec of the file tui_gateway/server.py. The manipulation results in protection mechanism failure. It is possible to launch the attack remotely. The exploit has been released to the public and may be used for attacks. The vendor was contacted early about this disclosure but did not respond in any way."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "baseScore": 5.3,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P",
                "version": "4.0"
              }
            },
            {
              "cvssV3_1": {
                "baseScore": 6.3,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
                "version": "3.1"
              }
            },
            {
              "cvssV3_0": {
                "baseScore": 6.3,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
                "version": "3.0"
              }
            },
            {
              "cvssV2_0": {
                "baseScore": 6.5,
                "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P/E:POC/RL:ND/RC:UR",
                "version": "2.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-693",
                  "description": "Protection Mechanism Failure",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-04T11:30:07.910Z",
            "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
            "shortName": "VulDB"
          },
          "references": [
            {
              "name": "VDB-376141 | NousResearch hermes-agent server.py shell.exec protection mechanism",
              "tags": [
                "vdb-entry",
                "technical-description"
              ],
              "url": "https://vuldb.com/vuln/376141"
            },
            {
              "name": "VDB-376141 | CTI Indicators (IOB, IOC, IOA)",
              "tags": [
                "signature",
                "permissions-required"
              ],
              "url": "https://vuldb.com/vuln/376141/cti"
            },
            {
              "name": "CVE-2026-14625 | CVE Analysis and Report",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/cve/CVE-2026-14625"
            },
            {
              "name": "Submit #845595 | NousResearch Hermes Agent 75cbdfd06bb041936f164c8d75ac518b2cb4fec0 Protection Mechanism Failure (CWE-693)",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/submit/845595"
            },
            {
              "tags": [
                "exploit"
              ],
              "url": "https://gist.github.com/YLChen-007/3b11589740dcf16b152b0929e1b3d024"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2026-07-03T00:00:00.000Z",
              "value": "Advisory disclosed"
            },
            {
              "lang": "en",
              "time": "2026-07-03T02:00:00.000Z",
              "value": "VulDB entry created"
            },
            {
              "lang": "en",
              "time": "2026-07-03T19:12:59.000Z",
              "value": "VulDB entry last update"
            }
          ],
          "title": "NousResearch hermes-agent server.py shell.exec protection mechanism"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "assignerShortName": "VulDB",
        "cveId": "CVE-2026-14625",
        "datePublished": "2026-07-04T11:30:07.910Z",
        "dateReserved": "2026-07-03T17:07:45.760Z",
        "dateUpdated": "2026-07-06T17:12:17.826Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-14617 (GCVE-0-2026-14617)

    Vulnerability from cvelistv5 – Published: 2026-07-03 21:45 – Updated: 2026-07-06 19:40
    VLAI
    Title
    NousResearch hermes-agent Streaming Reasoning Tag Filter stream_consumer.py GatewayStreamConsumer._filter_and_accumulate case sensitivity
    Summary
    A security vulnerability has been detected in NousResearch hermes-agent up to 2026.4.30. Affected is the function GatewayStreamConsumer._filter_and_accumulate of the file gateway/stream_consumer.py of the component Streaming Reasoning Tag Filter. The manipulation leads to improper handling of case sensitivity. The attack may be initiated remotely. The attack's complexity is rated as high. The exploitability is told to be difficult. The exploit has been disclosed publicly and may be used. The project decided to not implement a dedicated fix: "[T]he analysis and the fix are both sound. It just lands below the bar for the maintenance cost of a duplicated scrub path."
    SSVC
    Exploitation: poc Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-178 - Improper Handling of Case Sensitivity
    • CWE-697 - Incorrect Comparison
    Assigner
    Impacted products
    Vendor Product Version
    NousResearch hermes-agent Affected: 2026.4.0
    Affected: 2026.4.1
    Affected: 2026.4.2
    Affected: 2026.4.3
    Affected: 2026.4.4
    Affected: 2026.4.5
    Affected: 2026.4.6
    Affected: 2026.4.7
    Affected: 2026.4.8
    Affected: 2026.4.9
    Affected: 2026.4.10
    Affected: 2026.4.11
    Affected: 2026.4.12
    Affected: 2026.4.13
    Affected: 2026.4.14
    Affected: 2026.4.15
    Affected: 2026.4.16
    Affected: 2026.4.17
    Affected: 2026.4.18
    Affected: 2026.4.19
    Affected: 2026.4.20
    Affected: 2026.4.21
    Affected: 2026.4.22
    Affected: 2026.4.23
    Affected: 2026.4.24
    Affected: 2026.4.25
    Affected: 2026.4.26
    Affected: 2026.4.27
    Affected: 2026.4.28
    Affected: 2026.4.29
    Affected: 2026.4.30
        cpe:2.3:a:nousresearch:hermes-agent:*:*:*:*:*:*:*:*
    Create a notification for this product.
    Credits
    Eric-a (VulDB User) VulDB CNA Team
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-14617",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-06T19:40:08.738335Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-06T19:40:14.670Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "references": [
              {
                "tags": [
                  "exploit"
                ],
                "url": "https://vuldb.com/submit/844654"
              }
            ],
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "cpes": [
                "cpe:2.3:a:nousresearch:hermes-agent:*:*:*:*:*:*:*:*"
              ],
              "modules": [
                "Streaming Reasoning Tag Filter"
              ],
              "product": "hermes-agent",
              "vendor": "NousResearch",
              "versions": [
                {
                  "status": "affected",
                  "version": "2026.4.0"
                },
                {
                  "status": "affected",
                  "version": "2026.4.1"
                },
                {
                  "status": "affected",
                  "version": "2026.4.2"
                },
                {
                  "status": "affected",
                  "version": "2026.4.3"
                },
                {
                  "status": "affected",
                  "version": "2026.4.4"
                },
                {
                  "status": "affected",
                  "version": "2026.4.5"
                },
                {
                  "status": "affected",
                  "version": "2026.4.6"
                },
                {
                  "status": "affected",
                  "version": "2026.4.7"
                },
                {
                  "status": "affected",
                  "version": "2026.4.8"
                },
                {
                  "status": "affected",
                  "version": "2026.4.9"
                },
                {
                  "status": "affected",
                  "version": "2026.4.10"
                },
                {
                  "status": "affected",
                  "version": "2026.4.11"
                },
                {
                  "status": "affected",
                  "version": "2026.4.12"
                },
                {
                  "status": "affected",
                  "version": "2026.4.13"
                },
                {
                  "status": "affected",
                  "version": "2026.4.14"
                },
                {
                  "status": "affected",
                  "version": "2026.4.15"
                },
                {
                  "status": "affected",
                  "version": "2026.4.16"
                },
                {
                  "status": "affected",
                  "version": "2026.4.17"
                },
                {
                  "status": "affected",
                  "version": "2026.4.18"
                },
                {
                  "status": "affected",
                  "version": "2026.4.19"
                },
                {
                  "status": "affected",
                  "version": "2026.4.20"
                },
                {
                  "status": "affected",
                  "version": "2026.4.21"
                },
                {
                  "status": "affected",
                  "version": "2026.4.22"
                },
                {
                  "status": "affected",
                  "version": "2026.4.23"
                },
                {
                  "status": "affected",
                  "version": "2026.4.24"
                },
                {
                  "status": "affected",
                  "version": "2026.4.25"
                },
                {
                  "status": "affected",
                  "version": "2026.4.26"
                },
                {
                  "status": "affected",
                  "version": "2026.4.27"
                },
                {
                  "status": "affected",
                  "version": "2026.4.28"
                },
                {
                  "status": "affected",
                  "version": "2026.4.29"
                },
                {
                  "status": "affected",
                  "version": "2026.4.30"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "value": "Eric-a (VulDB User)"
            },
            {
              "lang": "en",
              "type": "coordinator",
              "value": "VulDB CNA Team"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A security vulnerability has been detected in NousResearch hermes-agent up to 2026.4.30. Affected is the function GatewayStreamConsumer._filter_and_accumulate of the file gateway/stream_consumer.py of the component Streaming Reasoning Tag Filter. The manipulation leads to improper handling of case sensitivity. The attack may be initiated remotely. The attack\u0027s complexity is rated as high. The exploitability is told to be difficult. The exploit has been disclosed publicly and may be used. The project decided to not implement a dedicated fix: \"[T]he analysis and the fix are both sound. It just lands below the bar for the maintenance cost of a duplicated scrub path.\""
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "baseScore": 2.3,
                "baseSeverity": "LOW",
                "vectorString": "CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P",
                "version": "4.0"
              }
            },
            {
              "cvssV3_1": {
                "baseScore": 3.1,
                "baseSeverity": "LOW",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N/E:P/RL:X/RC:C",
                "version": "3.1"
              }
            },
            {
              "cvssV3_0": {
                "baseScore": 3.1,
                "baseSeverity": "LOW",
                "vectorString": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N/E:P/RL:X/RC:C",
                "version": "3.0"
              }
            },
            {
              "cvssV2_0": {
                "baseScore": 2.1,
                "vectorString": "AV:N/AC:H/Au:S/C:P/I:N/A:N/E:POC/RL:ND/RC:C",
                "version": "2.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-178",
                  "description": "Improper Handling of Case Sensitivity",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            },
            {
              "descriptions": [
                {
                  "cweId": "CWE-697",
                  "description": "Incorrect Comparison",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-03T21:45:10.246Z",
            "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
            "shortName": "VulDB"
          },
          "references": [
            {
              "name": "VDB-376134 | NousResearch hermes-agent Streaming Reasoning Tag Filter stream_consumer.py GatewayStreamConsumer._filter_and_accumulate case sensitivity",
              "tags": [
                "vdb-entry",
                "technical-description"
              ],
              "url": "https://vuldb.com/vuln/376134"
            },
            {
              "name": "VDB-376134 | CTI Indicators (IOB, IOC, IOA)",
              "tags": [
                "signature",
                "permissions-required"
              ],
              "url": "https://vuldb.com/vuln/376134/cti"
            },
            {
              "name": "CVE-2026-14617 | CVE Analysis and Report",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/cve/CVE-2026-14617"
            },
            {
              "name": "Submit #844654 | Nous Research hermes-agent v2026.4.30 Improper Handling of Case Sensitivity Leading to Information Disclosure (CWE-178)",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/submit/844654"
            },
            {
              "tags": [
                "issue-tracking"
              ],
              "url": "https://github.com/NousResearch/hermes-agent/issues/27288"
            },
            {
              "tags": [
                "issue-tracking",
                "patch"
              ],
              "url": "https://github.com/NousResearch/hermes-agent/pull/28631#issuecomment-4622188016"
            },
            {
              "tags": [
                "exploit"
              ],
              "url": "https://gist.github.com/YLChen-007/2229e5505bcbb3e15a7ae8fba4c4be37"
            },
            {
              "tags": [
                "product"
              ],
              "url": "https://github.com/NousResearch/hermes-agent/"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2026-07-03T00:00:00.000Z",
              "value": "Advisory disclosed"
            },
            {
              "lang": "en",
              "time": "2026-07-03T02:00:00.000Z",
              "value": "VulDB entry created"
            },
            {
              "lang": "en",
              "time": "2026-07-03T18:36:25.000Z",
              "value": "VulDB entry last update"
            }
          ],
          "title": "NousResearch hermes-agent Streaming Reasoning Tag Filter stream_consumer.py GatewayStreamConsumer._filter_and_accumulate case sensitivity"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "assignerShortName": "VulDB",
        "cveId": "CVE-2026-14617",
        "datePublished": "2026-07-03T21:45:10.246Z",
        "dateReserved": "2026-07-03T16:31:16.337Z",
        "dateUpdated": "2026-07-06T19:40:14.670Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-53870 (GCVE-0-2026-53870)

    Vulnerability from cvelistv5 – Published: 2026-06-17 17:57 – Updated: 2026-06-17 18:39 X_Open Source
    VLAI
    Title
    Hermes Agent < 0.16.0 - Sensitive File Permission Vulnerability in Store Files
    Summary
    Hermes Agent before 0.16.0 creates response_store.db and webhook_subscriptions.json with world-readable permissions (mode 0o644), exposing conversation history and HMAC secrets to local users. Attackers with local filesystem access can read these files directly to obtain sensitive data including conversation history, tool payloads, prompts, and per-route HMAC secrets.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-276 - Incorrect Default Permissions
    Assigner
    Impacted products
    Vendor Product Version
    NousResearch hermes-agent Affected: 0 , < 0.16.0 (semver)
    Unaffected: 0.16.0 (semver)
    Create a notification for this product.
    Date Public
    2026-05-24 00:00
    Credits
    Chia Min Jun Lennon
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-53870",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-06-17T18:39:20.486749Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-06-17T18:39:35.273Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "references": [
              {
                "tags": [
                  "exploit"
                ],
                "url": "https://github.com/NousResearch/hermes-agent/pull/30917"
              }
            ],
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "packageURL": "pkg:npm/hermes-agent",
              "product": "hermes-agent",
              "repo": "https://github.com/NousResearch/hermes-agent",
              "vendor": "NousResearch",
              "versions": [
                {
                  "lessThan": "0.16.0",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                },
                {
                  "status": "unaffected",
                  "version": "0.16.0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Chia Min Jun Lennon"
            }
          ],
          "datePublic": "2026-05-24T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Hermes Agent before 0.16.0 creates response_store.db and webhook_subscriptions.json with world-readable permissions (mode 0o644), exposing conversation history and HMAC secrets to local users. Attackers with local filesystem access can read these files directly to obtain sensitive data including conversation history, tool payloads, prompts, and per-route HMAC secrets."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "LOCAL",
                "baseScore": 6.8,
                "baseSeverity": "MEDIUM",
                "exploitMaturity": "NOT_DEFINED",
                "privilegesRequired": "LOW",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "NONE",
                "vulnConfidentialityImpact": "HIGH",
                "vulnIntegrityImpact": "NONE",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            },
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "NONE",
                "baseScore": 5.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-276",
                  "description": "Incorrect Default Permissions",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-17T17:57:58.314Z",
            "orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
            "shortName": "VulnCheck"
          },
          "references": [
            {
              "name": "Release Notes",
              "tags": [
                "release-notes"
              ],
              "url": "https://github.com/NousResearch/hermes-agent/releases/tag/v2026.6.5"
            },
            {
              "name": "Researcher Pull Request",
              "tags": [
                "issue-tracking"
              ],
              "url": "https://github.com/NousResearch/hermes-agent/pull/30917"
            },
            {
              "name": "Maintainer Pull Request",
              "tags": [
                "issue-tracking"
              ],
              "url": "https://github.com/NousResearch/hermes-agent/pull/31469"
            },
            {
              "name": "Patch Commit",
              "tags": [
                "patch"
              ],
              "url": "https://github.com/NousResearch/hermes-agent/commit/3bace071bfadf2d2bec2ee048471a31ec920e3e8"
            },
            {
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://www.vulncheck.com/advisories/hermes-agent-sensitive-file-permission-vulnerability-in-store-files"
            }
          ],
          "tags": [
            "x_open-source"
          ],
          "title": "Hermes Agent \u003c 0.16.0 - Sensitive File Permission Vulnerability in Store Files",
          "x_generator": {
            "engine": "vulncheck"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
        "assignerShortName": "VulnCheck",
        "cveId": "CVE-2026-53870",
        "datePublished": "2026-06-17T17:57:58.314Z",
        "dateReserved": "2026-06-10T21:23:54.283Z",
        "dateUpdated": "2026-06-17T18:39:35.273Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-53869 (GCVE-0-2026-53869)

    Vulnerability from cvelistv5 – Published: 2026-06-17 17:57 – Updated: 2026-06-18 15:29 X_Open Source
    VLAI
    Title
    Hermes Agent < 0.16.0 - DNS Rebinding Bypass via WebSocket Endpoints
    Summary
    Hermes Agent before 0.16.0 contains a DNS rebinding vulnerability in WebSocket endpoints that allows remote attackers to bypass Host and Origin validation. FastAPI HTTP middleware does not execute for WebSocket upgrade requests on /api/pty, /api/ws, /api/pub, and /api/events endpoints, enabling attackers to exploit DNS rebinding and inject malicious commands or read terminal output.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-306 - Missing Authentication for Critical Function
    Assigner
    Impacted products
    Vendor Product Version
    NousResearch hermes-agent Affected: 0 , < 0.16.0 (semver)
    Unaffected: 0.16.0 (semver)
    Create a notification for this product.
    Date Public
    2026-05-24 00:00
    Credits
    Chia Min Jun Lennon
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-53869",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-06-18T15:28:51.075482Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-06-18T15:29:39.022Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "packageURL": "pkg:npm/hermes-agent",
              "product": "hermes-agent",
              "repo": "https://github.com/NousResearch/hermes-agent",
              "vendor": "NousResearch",
              "versions": [
                {
                  "lessThan": "0.16.0",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                },
                {
                  "status": "unaffected",
                  "version": "0.16.0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Chia Min Jun Lennon"
            }
          ],
          "datePublic": "2026-05-24T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Hermes Agent before 0.16.0 contains a DNS rebinding vulnerability in WebSocket endpoints that allows remote attackers to bypass Host and Origin validation. FastAPI HTTP middleware does not execute for WebSocket upgrade requests on /api/pty, /api/ws, /api/pub, and /api/events endpoints, enabling attackers to exploit DNS rebinding and inject malicious commands or read terminal output."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "NETWORK",
                "baseScore": 8.7,
                "baseSeverity": "HIGH",
                "exploitMaturity": "NOT_DEFINED",
                "privilegesRequired": "NONE",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "HIGH",
                "vulnConfidentialityImpact": "NONE",
                "vulnIntegrityImpact": "NONE",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            },
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-306",
                  "description": "Missing Authentication for Critical Function",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-17T17:57:30.978Z",
            "orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
            "shortName": "VulnCheck"
          },
          "references": [
            {
              "name": "Release Notes",
              "tags": [
                "release-notes"
              ],
              "url": "https://github.com/NousResearch/hermes-agent/releases/tag/v2026.6.5"
            },
            {
              "name": "Researcher Pull Request",
              "tags": [
                "issue-tracking"
              ],
              "url": "https://github.com/NousResearch/hermes-agent/pull/30221"
            },
            {
              "name": "Maintainer Pull Request",
              "tags": [
                "issue-tracking"
              ],
              "url": "https://github.com/NousResearch/hermes-agent/pull/31685"
            },
            {
              "name": "Patch Commit",
              "tags": [
                "patch"
              ],
              "url": "https://github.com/NousResearch/hermes-agent/commit/d9ec90585cf7616b5972e44cf8d92bb569fc3feb"
            },
            {
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://www.vulncheck.com/advisories/hermes-agent-dns-rebinding-bypass-via-websocket-endpoints"
            }
          ],
          "tags": [
            "x_open-source"
          ],
          "title": "Hermes Agent \u003c 0.16.0 - DNS Rebinding Bypass via WebSocket Endpoints",
          "x_generator": {
            "engine": "vulncheck"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
        "assignerShortName": "VulnCheck",
        "cveId": "CVE-2026-53869",
        "datePublished": "2026-06-17T17:57:30.978Z",
        "dateReserved": "2026-06-10T21:23:54.283Z",
        "dateUpdated": "2026-06-18T15:29:39.022Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-11461 (GCVE-0-2026-11461)

    Vulnerability from cvelistv5 – Published: 2026-06-07 21:45 – Updated: 2026-06-09 14:48
    VLAI
    Title
    NousResearch hermes-agent resume Endpoint hermes_state.py resolve_session_by_title authorization
    Summary
    A vulnerability has been found in NousResearch hermes-agent up to 0.12.0. This affects the function resolve_session_by_title of the file hermes_state.py of the component resume Endpoint. Such manipulation of the argument Title leads to authorization bypass. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    Impacted products
    Vendor Product Version
    NousResearch hermes-agent Affected: 0.1
    Affected: 0.2
    Affected: 0.3
    Affected: 0.4
    Affected: 0.5
    Affected: 0.6
    Affected: 0.7
    Affected: 0.8
    Affected: 0.9
    Affected: 0.10
    Affected: 0.11
    Affected: 0.12.0
        cpe:2.3:a:nousresearch:hermes-agent:*:*:*:*:*:*:*:*
    Create a notification for this product.
    Credits
    Eric-b (VulDB User) VulDB CNA Team
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-11461",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-06-09T14:48:20.842250Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-06-09T14:48:38.386Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "references": [
              {
                "tags": [
                  "exploit"
                ],
                "url": "https://vuldb.com/submit/829402"
              },
              {
                "tags": [
                  "exploit"
                ],
                "url": "https://gist.github.com/YLChen-007/7951b3dc39193fb675914cc5d8b672fa"
              }
            ],
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "cpes": [
                "cpe:2.3:a:nousresearch:hermes-agent:*:*:*:*:*:*:*:*"
              ],
              "modules": [
                "resume Endpoint"
              ],
              "product": "hermes-agent",
              "vendor": "NousResearch",
              "versions": [
                {
                  "status": "affected",
                  "version": "0.1"
                },
                {
                  "status": "affected",
                  "version": "0.2"
                },
                {
                  "status": "affected",
                  "version": "0.3"
                },
                {
                  "status": "affected",
                  "version": "0.4"
                },
                {
                  "status": "affected",
                  "version": "0.5"
                },
                {
                  "status": "affected",
                  "version": "0.6"
                },
                {
                  "status": "affected",
                  "version": "0.7"
                },
                {
                  "status": "affected",
                  "version": "0.8"
                },
                {
                  "status": "affected",
                  "version": "0.9"
                },
                {
                  "status": "affected",
                  "version": "0.10"
                },
                {
                  "status": "affected",
                  "version": "0.11"
                },
                {
                  "status": "affected",
                  "version": "0.12.0"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "value": "Eric-b (VulDB User)"
            },
            {
              "lang": "en",
              "type": "coordinator",
              "value": "VulDB CNA Team"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability has been found in NousResearch hermes-agent up to 0.12.0. This affects the function resolve_session_by_title of the file hermes_state.py of the component resume Endpoint. Such manipulation of the argument Title leads to authorization bypass. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "baseScore": 5.3,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P",
                "version": "4.0"
              }
            },
            {
              "cvssV3_1": {
                "baseScore": 6.3,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
                "version": "3.1"
              }
            },
            {
              "cvssV3_0": {
                "baseScore": 6.3,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
                "version": "3.0"
              }
            },
            {
              "cvssV2_0": {
                "baseScore": 6.5,
                "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P/E:POC/RL:ND/RC:UR",
                "version": "2.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-639",
                  "description": "Authorization Bypass",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            },
            {
              "descriptions": [
                {
                  "cweId": "CWE-285",
                  "description": "Improper Authorization",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-07T21:45:09.216Z",
            "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
            "shortName": "VulDB"
          },
          "references": [
            {
              "name": "VDB-369081 | NousResearch hermes-agent resume Endpoint hermes_state.py resolve_session_by_title authorization",
              "tags": [
                "vdb-entry",
                "technical-description"
              ],
              "url": "https://vuldb.com/vuln/369081"
            },
            {
              "name": "VDB-369081 | CTI Indicators (IOB, IOC, IOA)",
              "tags": [
                "signature",
                "permissions-required"
              ],
              "url": "https://vuldb.com/vuln/369081/cti"
            },
            {
              "name": "CVE-2026-11461 | CVE Analysis and Report",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/cve/CVE-2026-11461"
            },
            {
              "name": "Submit #829402 | NousResearch hermes-agent \u003c= v0.12.0 Authorization Bypass Through User-Controlled Key (CWE-639)",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/submit/829402"
            },
            {
              "tags": [
                "related"
              ],
              "url": "https://gist.github.com/YLChen-007/7951b3dc39193fb675914cc5d8b672fa"
            },
            {
              "tags": [
                "exploit"
              ],
              "url": "https://gist.github.com/YLChen-007/c2d162e9c8d39584223683cdcba98607"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2026-06-07T00:00:00.000Z",
              "value": "Advisory disclosed"
            },
            {
              "lang": "en",
              "time": "2026-06-07T02:00:00.000Z",
              "value": "VulDB entry created"
            },
            {
              "lang": "en",
              "time": "2026-06-07T09:33:10.000Z",
              "value": "VulDB entry last update"
            }
          ],
          "title": "NousResearch hermes-agent resume Endpoint hermes_state.py resolve_session_by_title authorization"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "assignerShortName": "VulDB",
        "cveId": "CVE-2026-11461",
        "datePublished": "2026-06-07T21:45:09.216Z",
        "dateReserved": "2026-06-07T07:28:06.447Z",
        "dateUpdated": "2026-06-09T14:48:38.386Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-10548 (GCVE-0-2026-10548)

    Vulnerability from cvelistv5 – Published: 2026-06-02 00:30 – Updated: 2026-06-03 13:53
    VLAI
    Title
    NousResearch hermes-agent Credential Pool Synchronization credential_pool.py _sync_anthropic_entry_from_credentials_file improper authentication
    Summary
    A security flaw has been discovered in NousResearch hermes-agent up to 2026.4.23. This affects the function _sync_anthropic_entry_from_credentials_file of the file agent/credential_pool.py of the component Credential Pool Synchronization. The manipulation results in improper authentication. The attack must be initiated from a local position. The exploit has been released to the public and may be used for attacks. The vendor was contacted early about this disclosure but did not respond in any way.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-287 - Improper Authentication
    Assigner
    References
    URL Tags
    https://vuldb.com/vuln/367645 vdb-entrytechnical-description
    https://vuldb.com/vuln/367645/cti signaturepermissions-required
    https://vuldb.com/cve/CVE-2026-10548 third-party-advisory
    https://vuldb.com/submit/822026 third-party-advisory
    https://gist.github.com/YLChen-007/caf38652afeccb… exploit
    Impacted products
    Vendor Product Version
    NousResearch hermes-agent Affected: 2026.4.0
    Affected: 2026.4.1
    Affected: 2026.4.2
    Affected: 2026.4.3
    Affected: 2026.4.4
    Affected: 2026.4.5
    Affected: 2026.4.6
    Affected: 2026.4.7
    Affected: 2026.4.8
    Affected: 2026.4.9
    Affected: 2026.4.10
    Affected: 2026.4.11
    Affected: 2026.4.12
    Affected: 2026.4.13
    Affected: 2026.4.14
    Affected: 2026.4.15
    Affected: 2026.4.16
    Affected: 2026.4.17
    Affected: 2026.4.18
    Affected: 2026.4.19
    Affected: 2026.4.20
    Affected: 2026.4.21
    Affected: 2026.4.22
    Affected: 2026.4.23
        cpe:2.3:a:nousresearch:hermes-agent:*:*:*:*:*:*:*:*
    Create a notification for this product.
    Credits
    Eric-j (VulDB User) VulDB CNA Team
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-10548",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-06-03T13:52:49.345677Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-06-03T13:53:36.907Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "references": [
              {
                "tags": [
                  "exploit"
                ],
                "url": "https://vuldb.com/submit/822026"
              }
            ],
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "cpes": [
                "cpe:2.3:a:nousresearch:hermes-agent:*:*:*:*:*:*:*:*"
              ],
              "modules": [
                "Credential Pool Synchronization"
              ],
              "product": "hermes-agent",
              "vendor": "NousResearch",
              "versions": [
                {
                  "status": "affected",
                  "version": "2026.4.0"
                },
                {
                  "status": "affected",
                  "version": "2026.4.1"
                },
                {
                  "status": "affected",
                  "version": "2026.4.2"
                },
                {
                  "status": "affected",
                  "version": "2026.4.3"
                },
                {
                  "status": "affected",
                  "version": "2026.4.4"
                },
                {
                  "status": "affected",
                  "version": "2026.4.5"
                },
                {
                  "status": "affected",
                  "version": "2026.4.6"
                },
                {
                  "status": "affected",
                  "version": "2026.4.7"
                },
                {
                  "status": "affected",
                  "version": "2026.4.8"
                },
                {
                  "status": "affected",
                  "version": "2026.4.9"
                },
                {
                  "status": "affected",
                  "version": "2026.4.10"
                },
                {
                  "status": "affected",
                  "version": "2026.4.11"
                },
                {
                  "status": "affected",
                  "version": "2026.4.12"
                },
                {
                  "status": "affected",
                  "version": "2026.4.13"
                },
                {
                  "status": "affected",
                  "version": "2026.4.14"
                },
                {
                  "status": "affected",
                  "version": "2026.4.15"
                },
                {
                  "status": "affected",
                  "version": "2026.4.16"
                },
                {
                  "status": "affected",
                  "version": "2026.4.17"
                },
                {
                  "status": "affected",
                  "version": "2026.4.18"
                },
                {
                  "status": "affected",
                  "version": "2026.4.19"
                },
                {
                  "status": "affected",
                  "version": "2026.4.20"
                },
                {
                  "status": "affected",
                  "version": "2026.4.21"
                },
                {
                  "status": "affected",
                  "version": "2026.4.22"
                },
                {
                  "status": "affected",
                  "version": "2026.4.23"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "value": "Eric-j (VulDB User)"
            },
            {
              "lang": "en",
              "type": "coordinator",
              "value": "VulDB CNA Team"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A security flaw has been discovered in NousResearch hermes-agent up to 2026.4.23. This affects the function _sync_anthropic_entry_from_credentials_file of the file agent/credential_pool.py of the component Credential Pool Synchronization. The manipulation results in improper authentication. The attack must be initiated from a local position. The exploit has been released to the public and may be used for attacks. The vendor was contacted early about this disclosure but did not respond in any way."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "baseScore": 4.8,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P",
                "version": "4.0"
              }
            },
            {
              "cvssV3_1": {
                "baseScore": 5.3,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
                "version": "3.1"
              }
            },
            {
              "cvssV3_0": {
                "baseScore": 5.3,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
                "version": "3.0"
              }
            },
            {
              "cvssV2_0": {
                "baseScore": 4.3,
                "vectorString": "AV:L/AC:L/Au:S/C:P/I:P/A:P/E:POC/RL:ND/RC:UR",
                "version": "2.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-287",
                  "description": "Improper Authentication",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-02T00:30:09.704Z",
            "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
            "shortName": "VulDB"
          },
          "references": [
            {
              "name": "VDB-367645 | NousResearch hermes-agent Credential Pool Synchronization credential_pool.py _sync_anthropic_entry_from_credentials_file improper authentication",
              "tags": [
                "vdb-entry",
                "technical-description"
              ],
              "url": "https://vuldb.com/vuln/367645"
            },
            {
              "name": "VDB-367645 | CTI Indicators (IOB, IOC, IOA)",
              "tags": [
                "signature",
                "permissions-required"
              ],
              "url": "https://vuldb.com/vuln/367645/cti"
            },
            {
              "name": "CVE-2026-10548 | CVE Analysis and Report",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/cve/CVE-2026-10548"
            },
            {
              "name": "Submit #822026 | NousResearch hermes-agent \u003c= v2026.4.23 Improper Authentication (CWE-287)",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/submit/822026"
            },
            {
              "tags": [
                "exploit"
              ],
              "url": "https://gist.github.com/YLChen-007/caf38652afeccbbd53a9d77152b6198d"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2026-06-01T00:00:00.000Z",
              "value": "Advisory disclosed"
            },
            {
              "lang": "en",
              "time": "2026-06-01T02:00:00.000Z",
              "value": "VulDB entry created"
            },
            {
              "lang": "en",
              "time": "2026-06-01T15:33:26.000Z",
              "value": "VulDB entry last update"
            }
          ],
          "title": "NousResearch hermes-agent Credential Pool Synchronization credential_pool.py _sync_anthropic_entry_from_credentials_file improper authentication"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "assignerShortName": "VulDB",
        "cveId": "CVE-2026-10548",
        "datePublished": "2026-06-02T00:30:09.704Z",
        "dateReserved": "2026-06-01T13:28:23.195Z",
        "dateUpdated": "2026-06-03T13:53:36.907Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-10224 (GCVE-0-2026-10224)

    Vulnerability from cvelistv5 – Published: 2026-06-01 04:30 – Updated: 2026-06-01 15:23
    VLAI
    Title
    NousResearch hermes-agent Webhook Endpoint feishu.py _handle_webhook_request resource consumption
    Summary
    A security vulnerability has been detected in NousResearch hermes-agent up to 2026.4.30. This vulnerability affects the function _handle_webhook_request of the file gateway/platforms/feishu.py of the component Webhook Endpoint. Such manipulation leads to resource consumption. The attack can be launched remotely. The exploit has been disclosed publicly and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
    SSVC
    Exploitation: poc Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    URL Tags
    https://vuldb.com/vuln/367503 vdb-entrytechnical-description
    https://vuldb.com/vuln/367503/cti signaturepermissions-required
    https://vuldb.com/cve/CVE-2026-10224 third-party-advisory
    https://vuldb.com/submit/822022 third-party-advisory
    https://gist.github.com/YLChen-007/0304e313d811f1… exploit
    Impacted products
    Vendor Product Version
    NousResearch hermes-agent Affected: 2026.4.0
    Affected: 2026.4.1
    Affected: 2026.4.2
    Affected: 2026.4.3
    Affected: 2026.4.4
    Affected: 2026.4.5
    Affected: 2026.4.6
    Affected: 2026.4.7
    Affected: 2026.4.8
    Affected: 2026.4.9
    Affected: 2026.4.10
    Affected: 2026.4.11
    Affected: 2026.4.12
    Affected: 2026.4.13
    Affected: 2026.4.14
    Affected: 2026.4.15
    Affected: 2026.4.16
    Affected: 2026.4.17
    Affected: 2026.4.18
    Affected: 2026.4.19
    Affected: 2026.4.20
    Affected: 2026.4.21
    Affected: 2026.4.22
    Affected: 2026.4.23
    Affected: 2026.4.24
    Affected: 2026.4.25
    Affected: 2026.4.26
    Affected: 2026.4.27
    Affected: 2026.4.28
    Affected: 2026.4.29
    Affected: 2026.4.30
        cpe:2.3:a:nousresearch:hermes-agent:*:*:*:*:*:*:*:*
    Create a notification for this product.
    Credits
    Eric-j (VulDB User) VulDB CNA Team
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-10224",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-06-01T15:17:27.870597Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-06-01T15:23:38.699Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "cpes": [
                "cpe:2.3:a:nousresearch:hermes-agent:*:*:*:*:*:*:*:*"
              ],
              "modules": [
                "Webhook Endpoint"
              ],
              "product": "hermes-agent",
              "vendor": "NousResearch",
              "versions": [
                {
                  "status": "affected",
                  "version": "2026.4.0"
                },
                {
                  "status": "affected",
                  "version": "2026.4.1"
                },
                {
                  "status": "affected",
                  "version": "2026.4.2"
                },
                {
                  "status": "affected",
                  "version": "2026.4.3"
                },
                {
                  "status": "affected",
                  "version": "2026.4.4"
                },
                {
                  "status": "affected",
                  "version": "2026.4.5"
                },
                {
                  "status": "affected",
                  "version": "2026.4.6"
                },
                {
                  "status": "affected",
                  "version": "2026.4.7"
                },
                {
                  "status": "affected",
                  "version": "2026.4.8"
                },
                {
                  "status": "affected",
                  "version": "2026.4.9"
                },
                {
                  "status": "affected",
                  "version": "2026.4.10"
                },
                {
                  "status": "affected",
                  "version": "2026.4.11"
                },
                {
                  "status": "affected",
                  "version": "2026.4.12"
                },
                {
                  "status": "affected",
                  "version": "2026.4.13"
                },
                {
                  "status": "affected",
                  "version": "2026.4.14"
                },
                {
                  "status": "affected",
                  "version": "2026.4.15"
                },
                {
                  "status": "affected",
                  "version": "2026.4.16"
                },
                {
                  "status": "affected",
                  "version": "2026.4.17"
                },
                {
                  "status": "affected",
                  "version": "2026.4.18"
                },
                {
                  "status": "affected",
                  "version": "2026.4.19"
                },
                {
                  "status": "affected",
                  "version": "2026.4.20"
                },
                {
                  "status": "affected",
                  "version": "2026.4.21"
                },
                {
                  "status": "affected",
                  "version": "2026.4.22"
                },
                {
                  "status": "affected",
                  "version": "2026.4.23"
                },
                {
                  "status": "affected",
                  "version": "2026.4.24"
                },
                {
                  "status": "affected",
                  "version": "2026.4.25"
                },
                {
                  "status": "affected",
                  "version": "2026.4.26"
                },
                {
                  "status": "affected",
                  "version": "2026.4.27"
                },
                {
                  "status": "affected",
                  "version": "2026.4.28"
                },
                {
                  "status": "affected",
                  "version": "2026.4.29"
                },
                {
                  "status": "affected",
                  "version": "2026.4.30"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "value": "Eric-j (VulDB User)"
            },
            {
              "lang": "en",
              "type": "coordinator",
              "value": "VulDB CNA Team"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A security vulnerability has been detected in NousResearch hermes-agent up to 2026.4.30. This vulnerability affects the function _handle_webhook_request of the file gateway/platforms/feishu.py of the component Webhook Endpoint. Such manipulation leads to resource consumption. The attack can be launched remotely. The exploit has been disclosed publicly and may be used. The vendor was contacted early about this disclosure but did not respond in any way."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "baseScore": 6.9,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P",
                "version": "4.0"
              }
            },
            {
              "cvssV3_1": {
                "baseScore": 5.3,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:P/RL:X/RC:R",
                "version": "3.1"
              }
            },
            {
              "cvssV3_0": {
                "baseScore": 5.3,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:P/RL:X/RC:R",
                "version": "3.0"
              }
            },
            {
              "cvssV2_0": {
                "baseScore": 5,
                "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P/E:POC/RL:ND/RC:UR",
                "version": "2.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-400",
                  "description": "Resource Consumption",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            },
            {
              "descriptions": [
                {
                  "cweId": "CWE-404",
                  "description": "Denial of Service",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-01T04:30:08.987Z",
            "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
            "shortName": "VulDB"
          },
          "references": [
            {
              "name": "VDB-367503 | NousResearch hermes-agent Webhook Endpoint feishu.py _handle_webhook_request resource consumption",
              "tags": [
                "vdb-entry",
                "technical-description"
              ],
              "url": "https://vuldb.com/vuln/367503"
            },
            {
              "name": "VDB-367503 | CTI Indicators (IOB, IOC, TTP, IOA)",
              "tags": [
                "signature",
                "permissions-required"
              ],
              "url": "https://vuldb.com/vuln/367503/cti"
            },
            {
              "name": "CVE-2026-10224 | CVE Analysis and Report",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/cve/CVE-2026-10224"
            },
            {
              "name": "Submit #822022 | NousResearch hermes-agent \u003c= v2026.4.30 Uncontrolled Resource Consumption (CWE-400)",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/submit/822022"
            },
            {
              "tags": [
                "exploit"
              ],
              "url": "https://gist.github.com/YLChen-007/0304e313d811f187ade93d3b01de0f87"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2026-05-31T00:00:00.000Z",
              "value": "Advisory disclosed"
            },
            {
              "lang": "en",
              "time": "2026-05-31T02:00:00.000Z",
              "value": "VulDB entry created"
            },
            {
              "lang": "en",
              "time": "2026-05-31T09:56:48.000Z",
              "value": "VulDB entry last update"
            }
          ],
          "title": "NousResearch hermes-agent Webhook Endpoint feishu.py _handle_webhook_request resource consumption"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "assignerShortName": "VulDB",
        "cveId": "CVE-2026-10224",
        "datePublished": "2026-06-01T04:30:08.987Z",
        "dateReserved": "2026-05-31T07:51:32.069Z",
        "dateUpdated": "2026-06-01T15:23:38.699Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-10223 (GCVE-0-2026-10223)

    Vulnerability from cvelistv5 – Published: 2026-06-01 04:15 – Updated: 2026-06-01 14:56
    VLAI
    Title
    NousResearch hermes-agent memory_tool.py _scan_memory_content injection
    Summary
    A weakness has been identified in NousResearch hermes-agent up to 2026.4.30. This affects the function _scan_memory_content of the file tools/memory_tool.py. This manipulation causes injection. The attack can be initiated remotely. The exploit has been made available to the public and could be used for attacks. The vendor was contacted early about this disclosure but did not respond in any way.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    URL Tags
    https://vuldb.com/vuln/367502 vdb-entrytechnical-description
    https://vuldb.com/vuln/367502/cti signaturepermissions-required
    https://vuldb.com/cve/CVE-2026-10223 third-party-advisory
    https://vuldb.com/submit/822021 third-party-advisory
    https://gist.github.com/YLChen-007/a1fb77ad2488c5… exploit
    Impacted products
    Vendor Product Version
    NousResearch hermes-agent Affected: 2026.4.0
    Affected: 2026.4.1
    Affected: 2026.4.2
    Affected: 2026.4.3
    Affected: 2026.4.4
    Affected: 2026.4.5
    Affected: 2026.4.6
    Affected: 2026.4.7
    Affected: 2026.4.8
    Affected: 2026.4.9
    Affected: 2026.4.10
    Affected: 2026.4.11
    Affected: 2026.4.12
    Affected: 2026.4.13
    Affected: 2026.4.14
    Affected: 2026.4.15
    Affected: 2026.4.16
    Affected: 2026.4.17
    Affected: 2026.4.18
    Affected: 2026.4.19
    Affected: 2026.4.20
    Affected: 2026.4.21
    Affected: 2026.4.22
    Affected: 2026.4.23
    Affected: 2026.4.24
    Affected: 2026.4.25
    Affected: 2026.4.26
    Affected: 2026.4.27
    Affected: 2026.4.28
    Affected: 2026.4.29
    Affected: 2026.4.30
        cpe:2.3:a:nousresearch:hermes-agent:*:*:*:*:*:*:*:*
    Create a notification for this product.
    Credits
    Eric-j (VulDB User) VulDB CNA Team
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-10223",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-06-01T14:56:41.408760Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-06-01T14:56:52.653Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "cpes": [
                "cpe:2.3:a:nousresearch:hermes-agent:*:*:*:*:*:*:*:*"
              ],
              "product": "hermes-agent",
              "vendor": "NousResearch",
              "versions": [
                {
                  "status": "affected",
                  "version": "2026.4.0"
                },
                {
                  "status": "affected",
                  "version": "2026.4.1"
                },
                {
                  "status": "affected",
                  "version": "2026.4.2"
                },
                {
                  "status": "affected",
                  "version": "2026.4.3"
                },
                {
                  "status": "affected",
                  "version": "2026.4.4"
                },
                {
                  "status": "affected",
                  "version": "2026.4.5"
                },
                {
                  "status": "affected",
                  "version": "2026.4.6"
                },
                {
                  "status": "affected",
                  "version": "2026.4.7"
                },
                {
                  "status": "affected",
                  "version": "2026.4.8"
                },
                {
                  "status": "affected",
                  "version": "2026.4.9"
                },
                {
                  "status": "affected",
                  "version": "2026.4.10"
                },
                {
                  "status": "affected",
                  "version": "2026.4.11"
                },
                {
                  "status": "affected",
                  "version": "2026.4.12"
                },
                {
                  "status": "affected",
                  "version": "2026.4.13"
                },
                {
                  "status": "affected",
                  "version": "2026.4.14"
                },
                {
                  "status": "affected",
                  "version": "2026.4.15"
                },
                {
                  "status": "affected",
                  "version": "2026.4.16"
                },
                {
                  "status": "affected",
                  "version": "2026.4.17"
                },
                {
                  "status": "affected",
                  "version": "2026.4.18"
                },
                {
                  "status": "affected",
                  "version": "2026.4.19"
                },
                {
                  "status": "affected",
                  "version": "2026.4.20"
                },
                {
                  "status": "affected",
                  "version": "2026.4.21"
                },
                {
                  "status": "affected",
                  "version": "2026.4.22"
                },
                {
                  "status": "affected",
                  "version": "2026.4.23"
                },
                {
                  "status": "affected",
                  "version": "2026.4.24"
                },
                {
                  "status": "affected",
                  "version": "2026.4.25"
                },
                {
                  "status": "affected",
                  "version": "2026.4.26"
                },
                {
                  "status": "affected",
                  "version": "2026.4.27"
                },
                {
                  "status": "affected",
                  "version": "2026.4.28"
                },
                {
                  "status": "affected",
                  "version": "2026.4.29"
                },
                {
                  "status": "affected",
                  "version": "2026.4.30"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "value": "Eric-j (VulDB User)"
            },
            {
              "lang": "en",
              "type": "coordinator",
              "value": "VulDB CNA Team"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A weakness has been identified in NousResearch hermes-agent up to 2026.4.30. This affects the function _scan_memory_content of the file tools/memory_tool.py. This manipulation causes injection. The attack can be initiated remotely. The exploit has been made available to the public and could be used for attacks. The vendor was contacted early about this disclosure but did not respond in any way."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "baseScore": 5.3,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P",
                "version": "4.0"
              }
            },
            {
              "cvssV3_1": {
                "baseScore": 6.3,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
                "version": "3.1"
              }
            },
            {
              "cvssV3_0": {
                "baseScore": 6.3,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
                "version": "3.0"
              }
            },
            {
              "cvssV2_0": {
                "baseScore": 6.5,
                "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P/E:POC/RL:ND/RC:UR",
                "version": "2.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-74",
                  "description": "Injection",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            },
            {
              "descriptions": [
                {
                  "cweId": "CWE-707",
                  "description": "Improper Neutralization",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-01T04:15:05.930Z",
            "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
            "shortName": "VulDB"
          },
          "references": [
            {
              "name": "VDB-367502 | NousResearch hermes-agent memory_tool.py _scan_memory_content injection",
              "tags": [
                "vdb-entry",
                "technical-description"
              ],
              "url": "https://vuldb.com/vuln/367502"
            },
            {
              "name": "VDB-367502 | CTI Indicators (IOB, IOC, TTP, IOA)",
              "tags": [
                "signature",
                "permissions-required"
              ],
              "url": "https://vuldb.com/vuln/367502/cti"
            },
            {
              "name": "CVE-2026-10223 | CVE Analysis and Report",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/cve/CVE-2026-10223"
            },
            {
              "name": "Submit #822021 | NousResearch hermes-agent \u003c= v2026.4.30 Injection (CWE-74)",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/submit/822021"
            },
            {
              "tags": [
                "exploit"
              ],
              "url": "https://gist.github.com/YLChen-007/a1fb77ad2488c545a35d0f66356ea7b4"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2026-05-31T00:00:00.000Z",
              "value": "Advisory disclosed"
            },
            {
              "lang": "en",
              "time": "2026-05-31T02:00:00.000Z",
              "value": "VulDB entry created"
            },
            {
              "lang": "en",
              "time": "2026-05-31T09:56:45.000Z",
              "value": "VulDB entry last update"
            }
          ],
          "title": "NousResearch hermes-agent memory_tool.py _scan_memory_content injection"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "assignerShortName": "VulDB",
        "cveId": "CVE-2026-10223",
        "datePublished": "2026-06-01T04:15:05.930Z",
        "dateReserved": "2026-05-31T07:51:29.252Z",
        "dateUpdated": "2026-06-01T14:56:52.653Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-10222 (GCVE-0-2026-10222)

    Vulnerability from cvelistv5 – Published: 2026-06-01 04:00 – Updated: 2026-06-01 13:16
    VLAI
    Title
    NousResearch hermes-agent config.py _sanitize_env_lines injection
    Summary
    A security flaw has been discovered in NousResearch hermes-agent up to 2026.4.30. Affected by this issue is the function _sanitize_env_lines of the file hermes_cli/config.py. The manipulation results in injection. It is possible to launch the attack remotely. The attack requires a high level of complexity. The exploitation is known to be difficult. The exploit has been released to the public and may be used for attacks. The vendor was contacted early about this disclosure but did not respond in any way.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    URL Tags
    https://vuldb.com/vuln/367501 vdb-entrytechnical-description
    https://vuldb.com/vuln/367501/cti signaturepermissions-required
    https://vuldb.com/cve/CVE-2026-10222 third-party-advisory
    https://vuldb.com/submit/822020 third-party-advisory
    https://gist.github.com/YLChen-007/7ee2eeaa383b35… exploit
    Impacted products
    Vendor Product Version
    NousResearch hermes-agent Affected: 2026.4.0
    Affected: 2026.4.1
    Affected: 2026.4.2
    Affected: 2026.4.3
    Affected: 2026.4.4
    Affected: 2026.4.5
    Affected: 2026.4.6
    Affected: 2026.4.7
    Affected: 2026.4.8
    Affected: 2026.4.9
    Affected: 2026.4.10
    Affected: 2026.4.11
    Affected: 2026.4.12
    Affected: 2026.4.13
    Affected: 2026.4.14
    Affected: 2026.4.15
    Affected: 2026.4.16
    Affected: 2026.4.17
    Affected: 2026.4.18
    Affected: 2026.4.19
    Affected: 2026.4.20
    Affected: 2026.4.21
    Affected: 2026.4.22
    Affected: 2026.4.23
    Affected: 2026.4.24
    Affected: 2026.4.25
    Affected: 2026.4.26
    Affected: 2026.4.27
    Affected: 2026.4.28
    Affected: 2026.4.29
    Affected: 2026.4.30
        cpe:2.3:a:nousresearch:hermes-agent:*:*:*:*:*:*:*:*
    Create a notification for this product.
    Credits
    Eric-j (VulDB User) VulDB CNA Team
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-10222",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-06-01T13:16:15.346798Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-06-01T13:16:34.171Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "cpes": [
                "cpe:2.3:a:nousresearch:hermes-agent:*:*:*:*:*:*:*:*"
              ],
              "product": "hermes-agent",
              "vendor": "NousResearch",
              "versions": [
                {
                  "status": "affected",
                  "version": "2026.4.0"
                },
                {
                  "status": "affected",
                  "version": "2026.4.1"
                },
                {
                  "status": "affected",
                  "version": "2026.4.2"
                },
                {
                  "status": "affected",
                  "version": "2026.4.3"
                },
                {
                  "status": "affected",
                  "version": "2026.4.4"
                },
                {
                  "status": "affected",
                  "version": "2026.4.5"
                },
                {
                  "status": "affected",
                  "version": "2026.4.6"
                },
                {
                  "status": "affected",
                  "version": "2026.4.7"
                },
                {
                  "status": "affected",
                  "version": "2026.4.8"
                },
                {
                  "status": "affected",
                  "version": "2026.4.9"
                },
                {
                  "status": "affected",
                  "version": "2026.4.10"
                },
                {
                  "status": "affected",
                  "version": "2026.4.11"
                },
                {
                  "status": "affected",
                  "version": "2026.4.12"
                },
                {
                  "status": "affected",
                  "version": "2026.4.13"
                },
                {
                  "status": "affected",
                  "version": "2026.4.14"
                },
                {
                  "status": "affected",
                  "version": "2026.4.15"
                },
                {
                  "status": "affected",
                  "version": "2026.4.16"
                },
                {
                  "status": "affected",
                  "version": "2026.4.17"
                },
                {
                  "status": "affected",
                  "version": "2026.4.18"
                },
                {
                  "status": "affected",
                  "version": "2026.4.19"
                },
                {
                  "status": "affected",
                  "version": "2026.4.20"
                },
                {
                  "status": "affected",
                  "version": "2026.4.21"
                },
                {
                  "status": "affected",
                  "version": "2026.4.22"
                },
                {
                  "status": "affected",
                  "version": "2026.4.23"
                },
                {
                  "status": "affected",
                  "version": "2026.4.24"
                },
                {
                  "status": "affected",
                  "version": "2026.4.25"
                },
                {
                  "status": "affected",
                  "version": "2026.4.26"
                },
                {
                  "status": "affected",
                  "version": "2026.4.27"
                },
                {
                  "status": "affected",
                  "version": "2026.4.28"
                },
                {
                  "status": "affected",
                  "version": "2026.4.29"
                },
                {
                  "status": "affected",
                  "version": "2026.4.30"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "value": "Eric-j (VulDB User)"
            },
            {
              "lang": "en",
              "type": "coordinator",
              "value": "VulDB CNA Team"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A security flaw has been discovered in NousResearch hermes-agent up to 2026.4.30. Affected by this issue is the function _sanitize_env_lines of the file hermes_cli/config.py. The manipulation results in injection. It is possible to launch the attack remotely. The attack requires a high level of complexity. The exploitation is known to be difficult. The exploit has been released to the public and may be used for attacks. The vendor was contacted early about this disclosure but did not respond in any way."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "baseScore": 6.3,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P",
                "version": "4.0"
              }
            },
            {
              "cvssV3_1": {
                "baseScore": 5.6,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
                "version": "3.1"
              }
            },
            {
              "cvssV3_0": {
                "baseScore": 5.6,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
                "version": "3.0"
              }
            },
            {
              "cvssV2_0": {
                "baseScore": 5.1,
                "vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:P/E:POC/RL:ND/RC:UR",
                "version": "2.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-74",
                  "description": "Injection",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            },
            {
              "descriptions": [
                {
                  "cweId": "CWE-707",
                  "description": "Improper Neutralization",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-01T04:00:11.313Z",
            "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
            "shortName": "VulDB"
          },
          "references": [
            {
              "name": "VDB-367501 | NousResearch hermes-agent config.py _sanitize_env_lines injection",
              "tags": [
                "vdb-entry",
                "technical-description"
              ],
              "url": "https://vuldb.com/vuln/367501"
            },
            {
              "name": "VDB-367501 | CTI Indicators (IOB, IOC, TTP, IOA)",
              "tags": [
                "signature",
                "permissions-required"
              ],
              "url": "https://vuldb.com/vuln/367501/cti"
            },
            {
              "name": "CVE-2026-10222 | CVE Analysis and Report",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/cve/CVE-2026-10222"
            },
            {
              "name": "Submit #822020 | NousResearch hermes-agent \u003c= v2026.4.30 Injection (CWE-74)",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/submit/822020"
            },
            {
              "tags": [
                "exploit"
              ],
              "url": "https://gist.github.com/YLChen-007/7ee2eeaa383b3540d2e8854250c03fb0"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2026-05-31T00:00:00.000Z",
              "value": "Advisory disclosed"
            },
            {
              "lang": "en",
              "time": "2026-05-31T02:00:00.000Z",
              "value": "VulDB entry created"
            },
            {
              "lang": "en",
              "time": "2026-05-31T09:56:43.000Z",
              "value": "VulDB entry last update"
            }
          ],
          "title": "NousResearch hermes-agent config.py _sanitize_env_lines injection"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "assignerShortName": "VulDB",
        "cveId": "CVE-2026-10222",
        "datePublished": "2026-06-01T04:00:11.313Z",
        "dateReserved": "2026-05-31T07:51:26.584Z",
        "dateUpdated": "2026-06-01T13:16:34.171Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }