CVE-2026-10222 NousResearch CVE debrief

A low-severity injection vulnerability in NousResearch hermes-agent, affecting versions up to 2026.4.30. The flaw resides in the _sanitize_env_lines function within hermes_cli/config.py. The vulnerability is remotely exploitable but requires high attack complexity, making exploitation difficult. A public exploit has been released. The vendor was contacted but did not respond.

Vendor: NousResearch
Product: hermes-agent
CVSS: LOW 2.9
CISA KEV: Not listed in stored evidence
Original CVE published: 2026-06-01
Original CVE updated: 2026-06-01
Advisory published: 2026-06-01
Advisory updated: 2026-06-01

Who should care

Organizations running hermes-agent versions up to 2026.4.30 with exposed management or configuration interfaces.

Technical summary

The _sanitize_env_lines function in hermes_cli/config.py of NousResearch hermes-agent (up to 2026.4.30) fails to properly neutralize special elements, resulting in an injection condition. The vulnerability is network-accessible but requires high attack complexity. A public exploit exists. No vendor fix is currently available.

Defensive priority

Low

Recommended defensive actions

  • Review hermes_cli/config.py in hermes-agent deployments and apply input validation or neutralization controls to the _sanitize_env_lines function if local code review confirms the vulnerability.
  • Monitor NVD and vendor channels for an official patch or advisory for hermes-agent.
  • Restrict network access to hermes-agent management interfaces where feasible, given remote exploitability.
  • Assess whether hermes-agent instances are deployed in environments where the reported injection could affect downstream components.

Evidence notes

CVE published 2026-06-01. CVSS 4.0 score of 2.9 (LOW). Attack vector is network-based with high complexity. CWE-74 (Improper Neutralization of Special Elements in Output Used by a Downstream Component) and CWE-707 (Improper Neutralization) identified. Vendor attribution derived from Vuldb reference domain with low confidence and requires review.

Official resources

Public exploit available; vendor unresponsive