PatchSiren cyber security CVE debrief
CVE-2026-49957 nesquena CVE debrief
CVE-2026-49957 is a MEDIUM severity vulnerability in Hermes WebUI prior to version 0.51.296. Authenticated attackers can bypass blocked-root path checks, read access to local system files through workspace file-read helpers.
- Vendor
- nesquena
- Product
- hermes-webui
- CVSS
- MEDIUM 6.3
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2026-06-09
- Original CVE updated
- 2026-06-10
- Advisory published
- 2026-06-09
- Advisory updated
- 2026-06-10
Who should care
Users of Hermes WebUI prior to version 0.51.296
Technical summary
Hermes WebUI before version 0.51.296 contains a workspace boundary bypass vulnerability that allows authenticated attackers to circumvent blocked-root path checks by exploiting an early return in the SSH/remote terminal profile workspace resolution logic within _remote_terminal_workspace_candidate(). Attackers can configure a remote terminal working directory to a system directory such as /etc, causing the workspace resolution path to accept it as a trusted local workspace root before the _is_blocked_workspace_path() guard executes, enabling read access to local system files through workspace file-read helpers.
Defensive priority
MEDIUM
Recommended defensive actions
- Upgrade Hermes WebUI to version 0.51.296 or later.
- Restrict access to sensitive system directories.
- Monitor for suspicious activity in workspace file-read helpers.
Evidence notes
CVE-2026-49957 has a CVSS score of 6.3 and is classified as MEDIUM severity.
Official resources
CVE-2026-49957 was published on 2026-06-09T17:17:49.083Z and modified on 2026-06-10T14:16:34.910Z.