MEDIUM
nesquena
CVE published 2026-05-13
CVE-2026-22677
Hermes WebUI versions prior to 0.51.44 contain a path traversal vulnerability in the session import endpoint. An authenticated attacker can exploit this by importing a crafted session with a malicious workspace value that bypasses filesystem root restrictions, then using relative paths in subsequent session file API calls to read arbitrary files accessible to the WebUI process. The vulnerability stems fro [truncated]
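The two containment checks this description points to, written as an added example and not taken from Hermes WebUI's code: the workspace is validated when a session is imported, and each relative file path is validated again when it is read. All function names, the session dictionary layout and the `allowed_root` parameter are assumptions made for illustration.

```python
import tempfile
from pathlib import Path


class WorkspaceError(ValueError):
    """Raised when a workspace or file path escapes its permitted root."""


def validate_workspace(workspace: str, allowed_root: Path) -> Path:
    """Import-time check: the workspace must resolve inside allowed_root."""
    root = allowed_root.resolve()
    # An absolute value replaces root in the join; resolve() collapses
    # ".." segments and symlinks, so the comparison is on the real path.
    candidate = (root / workspace).resolve()
    if candidate != root and root not in candidate.parents:
        raise WorkspaceError(f"workspace outside allowed root: {workspace!r}")
    return candidate


def import_session(payload: dict, allowed_root: Path) -> dict:
    """Treat an imported session as untrusted input (hypothetical layout)."""
    ws = validate_workspace(str(payload.get("workspace", "")), allowed_root)
    return {**payload, "workspace": str(ws)}


def resolve_session_file(workspace: Path, rel_path: str) -> Path:
    """Read-time check: the requested file must stay inside the workspace."""
    ws = workspace.resolve()
    target = (ws / rel_path).resolve()
    if ws not in target.parents:
        raise WorkspaceError(f"path escapes workspace: {rel_path!r}")
    return target


if __name__ == "__main__":
    # Constructed sample tree: <base>/workspaces/demo/notes.txt
    base = Path(tempfile.mkdtemp()).resolve()
    root = base / "workspaces"
    (root / "demo").mkdir(parents=True)
    (root / "demo" / "notes.txt").write_text("hello")
    session = import_session({"workspace": "demo"}, root)
    print(resolve_session_file(Path(session["workspace"]), "notes.txt"))
    for bad in ("/", "demo/../.."):  # constructed out-of-root values
        try:
            import_session({"workspace": bad}, root)
        except WorkspaceError as exc:
            print("rejected:", exc)
```

Validating at both points matters because a workspace accepted at import becomes the base directory for every later file request in that session.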