PatchSiren cyber security CVE debrief
CVE-2026-53871 nesquena CVE debrief
CVE-2026-53871 is a high-severity authorization bypass in Hermes WebUI before version 0.51.368. The get_profile_cookie() function takes the profile name from the hermes_profile cookie without adequately checking that the authenticated user is authorized for that profile, so an authenticated attacker who forges the cookie value can bypass profile-scoped authorization checks and reach sessions, files, and resources belonging to other profiles. The vulnerability carries a CVSS score of 8.6 (HIGH). Users of affected Hermes WebUI versions should update to version 0.51.368 or later.
- Vendor: nesquena
- Product: hermes-webui
- CVSS: HIGH 8.6
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2026-06-17
- Original CVE updated: 2026-06-18
- Advisory published: 2026-06-17
- Advisory updated: 2026-06-18
Who should care
Administrators and users of Hermes WebUI, especially those with multiple profiles configured, should be aware of this vulnerability. An authenticated attacker with the ability to forge the hermes_profile cookie can bypass authorization checks and access sensitive information across profiles.
Technical summary
The get_profile_cookie() function in Hermes WebUI before 0.51.368 does not adequately validate the hermes_profile cookie: the profile it names is trusted without an authorization check tying it to the authenticated user. An authenticated attacker can therefore set the cookie to another profile's name and gain unauthorized access to that profile's sessions, files, and resources.
Defensive priority
High
Recommended defensive actions
- Update Hermes WebUI to version 0.51.368 or later
- Implement additional monitoring for suspicious hermes_profile cookie values
- Restrict access to sensitive profiles and resources
- Use secure cookie flags to protect the hermes_profile cookie
- Regularly review and update access controls for profiles and resources
- Consider implementing additional authentication factors for profile access
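The following is an added illustration, not code from Hermes WebUI or from nesquena. It shows the general flaw the technical summary describes (a cookie alone selecting the authorization scope) beside a hardened resolver that treats the cookie only as a selector among profiles the authenticated user already owns, and a small monitor over constructed access-log lines that flags the cookie/identity mismatches the "additional monitoring" action above asks for. All names (User, resolve_profile, PROFILE_DATA, the log line format) are assumptions for the example.

```python
"""Profile-scoped authorization: vulnerable vs hardened cookie handling.

Hypothetical example; the Hermes WebUI internals are not shown on the page,
so every structure here is constructed for illustration.
"""
from __future__ import annotations

import re
from dataclasses import dataclass


@dataclass
class User:
    username: str
    profiles: set[str]  # profiles this authenticated user may act under


# Constructed fixture: who owns which profile, and what each profile holds.
USERS: dict[str, User] = {
    "alice": User("alice", {"alice-work", "alice-home"}),
    "bob": User("bob", {"bob-default"}),
}
PROFILE_DATA: dict[str, list[str]] = {
    "alice-work": ["session-a1", "report.pdf"],
    "alice-home": ["session-a2"],
    "bob-default": ["session-b1", "notes.txt"],
}

PROFILE_NAME_RE = re.compile(r"[A-Za-z0-9_-]{1,64}")


class Forbidden(Exception):
    """Raised when the requested profile is not owned by the caller."""


def get_profile_cookie_unchecked(cookies: dict[str, str]) -> str:
    # Vulnerable pattern: the cookie value alone decides the profile scope,
    # so whoever controls the cookie controls which profile's data is served.
    return cookies.get("hermes_profile", "default")


def resolve_profile(user: User, cookies: dict[str, str]) -> str:
    """Hardened pattern: the cookie may only pick among the caller's own
    profiles; malformed or foreign names are rejected server-side."""
    requested = cookies.get("hermes_profile")
    if requested is None:
        # Stable default when no cookie is sent (assumption for the example).
        return sorted(user.profiles)[0]
    if not PROFILE_NAME_RE.fullmatch(requested):
        raise Forbidden("malformed hermes_profile cookie")
    if requested not in user.profiles:
        raise Forbidden(f"{user.username} may not act as profile {requested!r}")
    return requested


def list_resources(user: User, cookies: dict[str, str], hardened: bool = True) -> list[str]:
    """Serve the resources of the selected profile, via either code path."""
    profile = resolve_profile(user, cookies) if hardened else get_profile_cookie_unchecked(cookies)
    return PROFILE_DATA.get(profile, [])


def is_allowed(user: User, cookies: dict[str, str]) -> bool:
    """True if the hardened resolver accepts this cookie for this user."""
    try:
        resolve_profile(user, cookies)
        return True
    except Forbidden:
        return False


# Constructed access-log lines in an assumed format: the authenticated user
# and the hermes_profile cookie are both recorded per request.
LOG_LINES = [
    "2026-06-17T10:00:00Z user=alice hermes_profile=alice-work path=/api/sessions status=200",
    "2026-06-17T10:00:05Z user=bob hermes_profile=bob-default path=/api/files status=200",
    "2026-06-17T10:00:09Z user=bob hermes_profile=alice-work path=/api/files status=200",
    "2026-06-17T10:00:12Z user=bob path=/api/files status=200",
]
LOG_RE = re.compile(r"user=(?P<user>\S+) hermes_profile=(?P<profile>\S+)")


def find_cross_profile_attempts(lines: list[str], users: dict[str, User]) -> list[tuple[str, str]]:
    """Flag requests whose cookie names a profile the logged user does not own.
    On a pre-0.51.368 server such requests would have been served."""
    hits = []
    for line in lines:
        m = LOG_RE.search(line)
        if m is None:
            continue  # no cookie recorded on this request
        user, profile = m.group("user"), m.group("profile")
        owner = users.get(user)
        if owner is None or profile not in owner.profiles:
            hits.append((user, profile))
    return hits


if __name__ == "__main__":
    forged = {"hermes_profile": "alice-work"}
    print("unchecked path serves:", list_resources(USERS["bob"], forged, hardened=False))
    print("hardened path allows:", is_allowed(USERS["bob"], forged))
    print("flagged log entries:", find_cross_profile_attempts(LOG_LINES, USERS))
```

The detector is intentionally conservative: a request without a hermes_profile cookie is skipped rather than flagged, while an unknown username is flagged, since neither case should occur for a legitimately authenticated session.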
Evidence notes
The information provided is based on data from NVD and Vulncheck. The CVE record and NVD detail pages provide official information about the vulnerability. Additional references include GitHub commits, pull requests, and release notes for Hermes WebUI, as well as a Vulncheck advisory.
Official resources
CVE-2026-53871 was published on 2026-06-17T19:18:11.023Z and modified on 2026-06-18T14:17:30.240Z.