PatchSiren

PatchSiren cyber security CVE debrief

CVE-2026-9354 NousResearch CVE debrief

A medium-severity output escaping vulnerability affects NousResearch hermes-agent versions up to 2026.4.16. The flaw resides in the Slack Agent/Mattermost Agent component, where manipulation of the format_message argument allows content to reach the downstream chat platform without proper escaping. The vulnerability is remotely exploitable and a public exploit has been confirmed. The vendor was contacted prior to disclosure but did not respond. The CVE was published on 2026-05-24 and last modified on 2026-05-26.

Vendor
NousResearch
Product
hermes-agent
CVSS (v4.0)
MEDIUM 5.5
CISA KEV
Not listed in stored evidence
Original CVE published
2026-05-24
Original CVE updated
2026-05-26
Advisory published
2026-05-24
Advisory updated
2026-05-26

Who should care

Organizations deploying NousResearch hermes-agent with Slack or Mattermost integrations, particularly those using automated message formatting through the format_message parameter. Security teams monitoring agent-based messaging infrastructure and developers responsible for agent configuration and message handling pipelines.

Technical summary

CVE-2026-9354 is a medium-severity (CVSS 4.0 score 5.5) vulnerability in NousResearch hermes-agent affecting versions up to 2026.4.16. The vulnerability exists in the Slack Agent/Mattermost Agent component, where improper handling of the format_message argument results in improper output escaping: special elements in attacker-influenced text are not neutralized before the message is handed to the downstream chat platform. The attack can be executed remotely without authentication or user interaction. According to the recorded vector, the impact is limited to integrity and availability (VI:L/VA:L) with no confidentiality impact. A public exploit is available. The vulnerability is associated with CWE-74 (Improper Neutralization of Special Elements in Output Used by a Downstream Component) and CWE-116 (Improper Encoding or Escaping of Output). The vendor was notified prior to public disclosure but did not respond.

Defensive priority

medium

Recommended defensive actions

  • Review hermes-agent deployments and identify systems running version 2026.4.16 or earlier
  • Audit Slack Agent and Mattermost Agent configurations for how the format_message parameter is populated and which inputs can influence it
  • Escape untrusted text according to the target platform's own rules (Slack mrkdwn, Mattermost Markdown) at the point where it is inserted into the message template, rather than relying on the platform to sanitize it
  • Monitor inbound messages and tool output reaching the agent for platform control sequences (mentions, link markup, notification keywords) that should not originate from user-supplied text
  • No vendor fix is recorded in the stored evidence; until one is available, restrict which channels and users the agent accepts input from, or temporarily disable the affected Slack/Mattermost integrations
  • Review application logs for anomalous format_message parameter values
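The technical summary and the actions above both turn on the same point: a message formatter that interpolates untrusted text into a Slack/Mattermost template without escaping lets that text carry the platform's own control syntax. The page does not record how the public exploit works or what hermes-agent's format_message code looks like, so the following is an added, generic illustration of CWE-116 in a Slack mrkdwn formatter, not hermes-agent code. It pairs an unsafe and a hardened formatter with a small detector of the kind the log-review action calls for. The function names, the template, and the sample message are all constructed for this example; the escaping rules themselves (`&`, `<`, `>` must become `&amp;`, `&lt;`, `&gt;`, because `<...>` delimits links, mentions and special commands such as `<!channel>`) are Slack's documented requirements.

```python
"""Added example: CWE-116 (improper output escaping) in a chat-bot message formatter.

Not hermes-agent code. The formatter, template and sample inputs are constructed
for illustration; the escaping table follows Slack's documented mrkdwn rules.
"""
import re

# Slack treats these three characters as control characters in message text:
# '<...>' delimits links, user/channel mentions and commands such as <!channel>,
# and '&' begins an entity. Slack requires them to be escaped as shown.
_SLACK_ESCAPES = {"&": "&amp;", "<": "&lt;", ">": "&gt;"}


def escape_slack_mrkdwn(text: str) -> str:
    """Neutralize the characters Slack interprets as control syntax."""
    return "".join(_SLACK_ESCAPES.get(ch, ch) for ch in text)


def format_message_unsafe(user: str, body: str) -> str:
    """Weak pattern (hypothetical): untrusted fields go into the template verbatim.

    Anything the sender wrote, including <!channel> or a disguised link, is
    delivered to Slack as live markup.
    """
    return f"*{user}* says: {body}"


def format_message_safe(user: str, body: str) -> str:
    """Hardened pattern: every untrusted field is escaped before interpolation.

    Only the template's own markup (the bold asterisks) remains interpretable.
    """
    return f"*{escape_slack_mrkdwn(user)}* says: {escape_slack_mrkdwn(body)}"


# Control sequences that should never originate from user-supplied text:
# broadcast commands, user/channel mentions, and <url|label> links.
_SLACK_CONTROL = re.compile(
    r"<(?:!(?:channel|here|everyone)|@[A-Z0-9]+|#[A-Z0-9]+|https?://[^>]*)>"
)
# Mattermost-style broadcast mentions (its Markdown uses plain '@' keywords).
_MATTERMOST_BROADCAST = re.compile(r"(?<![\w.])@(?:channel|all|here)\b")


def find_injected_controls(rendered: str) -> list[str]:
    """Detection helper for log review: list platform control sequences that
    survived formatting. An empty list means nothing live got through."""
    return _SLACK_CONTROL.findall(rendered) + _MATTERMOST_BROADCAST.findall(rendered)


# Constructed sample: a chat message whose author smuggles a channel-wide
# notification and a disguised link into text the bot will re-post.
SAMPLE_USER = "alice"
SAMPLE_BODY = "deploy done <!channel> see <https://evil.example/|release notes> @channel"


def compare() -> dict:
    """Render the sample both ways and report what the detector finds in each."""
    unsafe = format_message_unsafe(SAMPLE_USER, SAMPLE_BODY)
    safe = format_message_safe(SAMPLE_USER, SAMPLE_BODY)
    return {
        "unsafe": unsafe,
        "unsafe_controls": find_injected_controls(unsafe),
        "safe": safe,
        # The safe rendering still contains the literal '@channel' text, which
        # is why Mattermost-targeted output needs its own neutralization step.
        "safe_controls": find_injected_controls(safe),
    }


if __name__ == "__main__":
    for key, value in compare().items():
        print(f"{key}: {value}")
```

Run stand-alone, the unsafe rendering reports `<!channel>` and the disguised link as live controls, while the Slack-escaped rendering reports only the Mattermost-style `@channel` keyword, which the Slack escape table does not cover. That residue is the practical caveat for a component that targets both platforms: each downstream format needs its own neutralization rules, and a single escape table is not enough.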

Evidence notes

Vulnerability identified in hermes-agent up to 2026.4.16 affecting the Slack Agent/Mattermost Agent component. Attack vector involves format_message argument manipulation leading to improper output escaping. Public exploit confirmed. Vendor non-responsive to early disclosure contact. CVSS 4.0 vector: AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N/E:P. CWE-74 and CWE-116 identified as relevant weaknesses.
