PatchSiren

PatchSiren cyber security CVE debrief

CVE-2026-9351 NousResearch CVE debrief

A path traversal vulnerability (CWE-22) exists in NousResearch hermes-agent up to version 2026.4.16, in the `_is_blocked_device` function in `tools/file_tools.py`. The flaw affects the `read_file` tool and can be triggered over the network to access files outside the locations the tool is meant to expose. It was disclosed publicly on 2026-05-24 after the vendor was contacted and did not respond. A public exploit has been released, which raises the likelihood of active exploitation. The CVSS 4.0 vector records a network attack vector with low integrity and availability impact.

Vendor
NousResearch
Product
hermes-agent
CVSS
MEDIUM 5.5
CISA KEV
Not listed in stored evidence
Original CVE published
2026-05-24
Original CVE updated
2026-05-26
Advisory published
2026-05-24
Advisory updated
2026-05-26

Who should care

Organizations running NousResearch hermes-agent for AI/ML workflows; security teams managing agent-based file processing pipelines; developers implementing custom file tool handlers based on hermes-agent patterns

Technical summary

The vulnerability resides in the `_is_blocked_device` function within `tools/file_tools.py` of NousResearch hermes-agent versions up to 2026.4.16. Insufficient path validation in the `read_file` tool allows attackers to traverse directory structures and access files outside intended boundaries. The attack vector is network-accessible with low attack complexity. Public exploit availability elevates practical risk despite medium CVSS severity.

Defensive priority

medium

Recommended defensive actions

  • Upgrade NousResearch hermes-agent to a release newer than 2026.4.16 once one is available; the evidence here does not identify a fixed version, so confirm that the release changes the `_is_blocked_device` check in `tools/file_tools.py` before relying on it
  • Run hermes-agent under a dedicated low-privilege account and limit the file system it can reach (a confined working directory, no access to secrets or host configuration), so that a traversal through `read_file` reaches as little as possible
  • In custom deployments and derived tools, resolve paths (symlinks and `..` segments) before any allow- or block-list decision and confine reads to an explicit root; a check on the raw path string does not hold
  • Monitor `read_file` invocations and the agent's file access for paths containing `..` or resolving outside its working directory, and alert on reads of device, `/proc` or `/sys` entries
  • Consider network segmentation to limit exposure of hermes-agent instances
  • Review gist content referenced in source materials for additional technical indicators
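The following Python is an added illustration and not hermes-agent's code; the page does not reproduce the real `_is_blocked_device` logic, so `naive_is_blocked` stands in for the class of check a traversal bypass defeats (a decision made on the unresolved path string), and `hardened_is_blocked` shows the resolve-then-check alternative. The blocklist prefixes, function names and the sandbox layout built by `demo()` are all constructed for the example.

```python
import os
import shutil
import stat
import tempfile

# Constructed blocklist for the illustration; hermes-agent's real list is not
# reproduced on this page and may differ.
BLOCKED_PREFIXES = ("/dev/", "/proc/", "/sys/")


def naive_is_blocked(path: str) -> bool:
    """Judge the path string exactly as the caller supplied it.

    This is the pattern a traversal bypass defeats: '../' segments and
    symlinks change where the path lands without changing its prefix.
    """
    return path.startswith(BLOCKED_PREFIXES)


def hardened_is_blocked(path: str, allowed_root: str) -> bool:
    """Resolve first, then judge the target. True means 'refuse to read'."""
    resolved = os.path.realpath(path)        # collapses '..' and follows symlinks
    root = os.path.realpath(allowed_root)
    # Containment test: commonpath, not startswith, so that a root of /data
    # does not accept /data-evil/secret.
    if os.path.commonpath([root, resolved]) != root:
        return True
    try:
        st = os.lstat(resolved)              # no symlinks remain after realpath
    except OSError:
        return True                          # cannot inspect it, so do not read it
    # Refuse device nodes, FIFOs and sockets: reading them can hang or leak data.
    return not stat.S_ISREG(st.st_mode)


def demo() -> dict:
    """Constructed sandbox: one legitimate file, one symlink to /dev/null, and
    a '..' path that climbs out of the sandbox. Returns both checks' verdicts."""
    root = tempfile.mkdtemp(prefix="agent-sandbox-")
    try:
        legit = os.path.join(root, "notes.txt")
        with open(legit, "w") as fh:
            fh.write("sandboxed content\n")
        os.mkdir(os.path.join(root, "sub"))
        link = os.path.join(root, "innocent.txt")
        os.symlink("/dev/null", link)           # innocent name, device target
        cases = {
            "legit": legit,
            "dotdot_inside_root": os.path.join(root, "sub", "..", "notes.txt"),
            "symlink_to_dev_null": link,
            "traversal_out_of_root": os.path.join(root, "..", "..", "etc", "passwd"),
            "literal_dev_null": "/dev/null",
        }
        return {
            name: {"naive": naive_is_blocked(p), "hardened": hardened_is_blocked(p, root)}
            for name, p in cases.items()
        }
    finally:
        shutil.rmtree(root, ignore_errors=True)


if __name__ == "__main__":
    for name, verdict in demo().items():
        print(f"{name:24} naive_blocked={verdict['naive']!s:5} "
              f"hardened_blocked={verdict['hardened']}")
```

The naive check only refuses the literal `/dev/null`; the symlink and the `..` path both pass it and land on a device node or outside the sandbox. One caveat still applies to the hardened version: a symlink can be swapped between the check and the read (a time-of-check/time-of-use race), so a production tool should open the resolved path and re-check the open descriptor with `os.fstat`, or open with `O_NOFOLLOW`, so the decision and the read refer to the same object.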

Evidence notes

Vulnerability identified in the hermes-agent `_is_blocked_device` function; a public exploit is available per VulDB submission 812214 and the CVE record. The vendor was non-responsive to disclosure. CWE-22 (Path Traversal) classification confirmed.

Official resources

2026-05-24