PatchSiren

PatchSiren cyber security CVE debrief

CVE-2026-58123 nesquena CVE debrief

CVE-2026-58123 is a critical unauthenticated remote code execution vulnerability in Hermes WebUI versions before 0.51.788. The vulnerability allows remote attackers to execute arbitrary shell commands by accessing the embedded terminal API endpoints without credentials. This is achieved through four sequential unauthenticated HTTP requests to create a session, attach a PTY shell, and write arbitrary commands through the terminal input endpoint, resulting in full command execution as the server process user.

Vendor
nesquena
Product
hermes-webui
CVSS
CRITICAL 9.3
CISA KEV
Not listed in stored evidence
Original CVE published
2026-07-09
Original CVE updated
2026-07-10
Advisory published
2026-07-09
Advisory updated
2026-07-10

Who should care

Organizations using Hermes WebUI versions before 0.51.788 should prioritize patching this vulnerability to prevent potential remote code execution attacks. The vulnerability's critical CVSS score of 9.3 indicates a high severity level, emphasizing the need for immediate attention.

Technical summary

The vulnerability exists in Hermes WebUI before version 0.51.788. It allows unauthenticated remote attackers to execute arbitrary shell commands by exploiting the embedded terminal API endpoints. The attack involves four sequential HTTP requests: creating a session, attaching a PTY shell, and writing arbitrary commands through the terminal input endpoint. This results in command execution as the server process user. The vulnerability is tracked under CVE-2026-58123 and has a CVSS score of 9.3, classified as Critical.

Defensive priority

High

Recommended defensive actions

  • Apply the patch: Upgrade Hermes WebUI to version 0.51.788 or later to fix the vulnerability.
  • Inventory and monitor: Check for and monitor instances of Hermes WebUI in your environment.
  • Restrict access: Limit access to the Hermes WebUI to trusted users and networks.
  • Implement compensating controls: Consider implementing additional security controls, such as web application firewalls, to detect and prevent exploitation attempts.
  • Confirm whether affected product deployments exist in managed environments and assign an owner for follow-up.
  • Review the supplied official advisory or CVE record to validate affected scope, severity, and vendor guidance.
  • Plan vendor-supported updates or mitigations through normal change control where exposure is confirmed.

Evidence notes

The CVE record was published on 2026-07-09T22:17:09.517Z and has not been modified since then. The NVD entry is currently in the 'Received' status. The vulnerability details are based on information from Vulncheck and other sources.

Official resources

AI-assisted PatchSiren debrief based on the supplied source corpus. The CVE record was published on 2026-07-09T22:17:09.517Z and has not been modified since then. The NVD entry is currently in the 'Received' status.