PatchSiren

PatchSiren cyber security CVE debrief

CVE-2026-53870 NousResearch CVE debrief

The Hermes Agent before version 0.16.0 has a vulnerability that allows local users to access sensitive information due to world-readable file permissions. Specifically, the files 'response_store.db' and 'webhook_subscriptions.json' are created with permissions that allow any local user to read them. This exposure includes conversation history, tool payloads, prompts, and per-route HMAC secrets. The vulnerability has a CVSS score of 6.8, indicating a medium severity level. Users of Hermes Agent should update to version 0.16.0 or later to mitigate this issue.

Vendor
NousResearch
Product
hermes-agent
CVSS
MEDIUM 6.8
CISA KEV
Not listed in stored evidence
Original CVE published
2026-06-17
Original CVE updated
2026-06-17
Advisory published
2026-06-17
Advisory updated
2026-06-17

Who should care

System administrators and security teams responsible for Hermes Agent installations, especially in multi-user environments, should be aware of this vulnerability. Local users with filesystem access could exploit this issue to gain unauthorized access to sensitive information.

Technical summary

Hermes Agent prior to version 0.16.0 creates two files, 'response_store.db' and 'webhook_subscriptions.json', with world-readable permissions (mode 0o644), so any local user can read them without special privileges. The files contain sensitive information such as conversation history, tool payloads, prompts, and per-route HMAC secrets. The vulnerability carries the CVSS vector CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X (local attack vector, low privileges required, no user interaction, high confidentiality impact, no integrity or availability impact), giving a CVSS score of 6.8, which is classified as medium severity.

Defensive priority

Medium

Recommended defensive actions

  • Update Hermes Agent to version 0.16.0 or later to ensure proper file permissions.
  • Review and adjust file permissions for existing installations if immediate update is not feasible.
  • Monitor Hermes Agent logs and file access for suspicious activity.
  • Limit local user access to sensitive directories and files.
  • Implement additional security measures such as file access controls and auditing.
  • Regularly review and update software dependencies and configurations.
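As an added illustration (not code from the advisory or from the hermes-agent project), the following Python shows why a plain open() under the usual umask 022 yields the 0o644 mode described above, the owner-only creation pattern that avoids it, and an audit routine that reports and tightens the two named files in an existing installation. The file names come from the advisory; the directory, contents and umask in demo() are constructed for the demonstration.

```python
import os
import stat
import tempfile
SENSITIVE_FILES = ("response_store.db", "webhook_subscriptions.json")

def create_with_default_mode(path: str, data: bytes) -> int:
    """Vulnerable pattern: plain open() leaves the mode to the process umask;
    with the common umask 022 the file ends up 0o644, readable by every local user."""
    with open(path, "wb") as fh:
        fh.write(data)
    return stat.S_IMODE(os.stat(path).st_mode)

def create_owner_only(path: str, data: bytes) -> int:
    """Hardened pattern: request 0o600 at creation so no other user can open the file
    even briefly, then fchmod() because umask can only clear bits, never add them."""
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0o600)
    try:
        os.fchmod(fd, 0o600)
        os.write(fd, data)
    finally:
        os.close(fd)
    return stat.S_IMODE(os.stat(path).st_mode)

def is_exposed(path: str) -> bool:
    """True if group or others hold read permission on the file."""
    return bool(stat.S_IMODE(os.stat(path).st_mode) & (stat.S_IRGRP | stat.S_IROTH))

def audit_and_fix(directory: str, fix: bool = False) -> dict:
    """Report which sensitive files are exposed; with fix=True tighten them to 0o600."""
    findings = {}
    for name in SENSITIVE_FILES:
        path = os.path.join(directory, name)
        if os.path.exists(path):
            if fix and is_exposed(path):
                os.chmod(path, 0o600)
            findings[name] = is_exposed(path)
    return findings

def demo() -> dict:
    """Constructed scenario: temp dir, umask 022, one file per pattern, audit, then fix."""
    old_umask = os.umask(0o022)
    try:
        d = tempfile.mkdtemp()
        vuln_mode = create_with_default_mode(os.path.join(d, SENSITIVE_FILES[0]), b"db")
        safe_mode = create_owner_only(os.path.join(d, SENSITIVE_FILES[1]), b"{}")
        before = audit_and_fix(d)
        after = audit_and_fix(d, fix=True)
    finally:
        os.umask(old_umask)
    return {"vuln_mode": vuln_mode, "safe_mode": safe_mode, "before": before, "after": after}
```

Running audit_and_fix() against a real installation's data directory with fix=True is the interim mitigation for hosts that cannot update yet; the chmod closes the exposure, but secrets that were already readable should be treated as potentially disclosed.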

Evidence notes

The information provided is based on the CVE-2026-53870 record and related sources from VulnCheck and NVD. The vulnerability was publicly disclosed on June 17, 2026, and the Hermes Agent team has released a fix in version 0.16.0.

Official resources

CVE-2026-53870 was publicly disclosed on June 17, 2026.