CVE-2026-10223 NousResearch CVE debrief

Who should care

Organizations running NousResearch hermes-agent versions up to 2026.4.30, particularly those exposing the agent to network-accessible environments. Security teams monitoring for injection vulnerabilities in AI/ML tooling infrastructure. Defenders tracking publicly disclosed exploits with unresponsive vendors.

Technical summary

The _scan_memory_content function in tools/memory_tool.py of NousResearch hermes-agent (versions up to 2026.4.30) contains an injection weakness exploitable remotely. The vulnerability stems from improper neutralization of special elements (CWE-74/CWE-707), allowing attackers to inject malicious content through the memory scanning functionality. With a CVSS 4.0 score of 2.1, the vulnerability requires low privileges and no user interaction, but impact is limited to low confidentiality, integrity, and availability effects. The exploit has been publicly released, though vendor remediation has not been forthcoming.

Defensive priority

LOW

Recommended defensive actions

• Review and sanitize all inputs to the _scan_memory_content function in tools/memory_tool.py
• Implement proper input validation and neutralization for memory content scanning operations
• Apply principle of least privilege for functions handling external or user-controllable data
• Monitor for updates from NousResearch regarding hermes-agent patches
• Consider restricting network access to hermes-agent deployments until patch availability is confirmed
• Review referenced technical details for specific injection vectors and implement corresponding mitigations

Evidence notes

Vulnerability identified in NousResearch hermes-agent _scan_memory_content function. CVSS 4.0 score of 2.1 (LOW severity). Public exploit available via referenced gist. Vendor non-responsive to disclosure attempts.

Official resources