CVE-2026-10220 NousResearch CVE debrief

Who should care

Organizations running NousResearch hermes-agent instances, particularly those exposing skill/plugin functionality to remote or untrusted users. Security teams should prioritize review given public exploit availability and vendor non-response.

Technical summary

The vulnerability exists in the _serve_plugin_skill/skill_view function of tools/skills_tool.py in NousResearch hermes-agent through version 2026.4.30. Insufficient neutralization of special elements allows remote attackers to inject malicious input, leading to injection-based compromise. The attack vector is network-accessible with low attack complexity.

Defensive priority

medium

Recommended defensive actions

• Review and restrict network access to hermes-agent instances where possible.
• Inspect tools/skills_tool.py for the _serve_plugin_skill and skill_view functions; apply input validation and output encoding to mitigate injection risks.
• Monitor for unauthorized or unexpected plugin skill execution in hermes-agent deployments.
• Apply updates from NousResearch if and when a patched version is released.
• Review the publicly disclosed technical details to assess exposure and implement targeted mitigations.

Evidence notes

Vuldb-assigned CVE with CVSS 4.0 vector. CWE-74 (Improper Neutralization of Special Elements in Output Used by a Downstream Component) and CWE-707 (Improper Neutralization) are cited as weakness types. The vendor field is marked low-confidence and needs review.

Official resources