PatchSiren

NousResearch CVE debriefs

These pages are published after PatchSiren validates generated defensive summaries against stored public CVE and source evidence.

LOW NousResearch CVE published 2026-07-10

CVE-2026-15311

A vulnerability was identified in NousResearch hermes-agent up to 2026.5.29.2. Affected by this issue is the function MatrixAdapter._markdown_to_html of the file gateway/platforms/matrix.py of the component Matrix Adapter. Such manipulation leads to cross site scripting. The attack can be executed remotely. The exploit is publicly available and might be used. The pull request to fix this issue awaits acce [truncated]

MEDIUM NousResearch CVE published 2026-07-04

CVE-2026-14628

CVE-2026-14628 is a path traversal vulnerability detected in NousResearch hermes-agent up to version 2026.5.16. The vulnerability specifically impacts the function extract_media in the file gateway/platforms/base.py within the Live Webhook Endpoint component. An attacker can manipulate this function to perform a path traversal attack, which may be initiated remotely. The exploit for this vulnerability is [truncated]

LOW NousResearch CVE published 2026-07-04

CVE-2026-14627

CVE-2026-14627 is a security vulnerability detected in NousResearch hermes-agent up to version 0.15.2. The vulnerability affects the Discord platform integration, specifically the DiscordAdapter._is_allowed_user function in the gateway/platforms/discord.py file. This manipulation leads to improper authentication. The attack can be launched remotely with high complexity and is reported to be difficult to e [truncated]

LOW NousResearch CVE published 2026-07-04

CVE-2026-14626

CVE-2026-14626 is a weakness in the NousResearch hermes-agent up to version 2026.4.30. Specifically, the AIAgent.run_conversation function in the run_agent.py file of the HTTP API component is vulnerable to manipulation of the 'todos' argument, leading to a denial of service (DoS) condition. The vulnerability has a CVSS score of 2.1, indicating a low severity. The attack can be initiated remotely, and pub [truncated]

LOW NousResearch CVE published 2026-07-04

CVE-2026-14625

CVE-2026-14625 is a security flaw in NousResearch hermes-agent up to 0.15.2. The vulnerability is located in the function shell.exec of the file tui_gateway/server.py. This flaw allows remote attackers to bypass protection mechanisms. The exploit has been publicly released and may be used for attacks. The vendor, NousResearch, was contacted but did not respond. This CVE was published on July 4, 2026.

LOW NousResearch CVE published 2026-07-03

CVE-2026-14617

CVE-2026-14617 is a security vulnerability detected in NousResearch hermes-agent up to 2026.4.30. The affected function is GatewayStreamConsumer._filter_and_accumulate in the file gateway/stream_consumer.py of the component Streaming Reasoning Tag Filter. The manipulation leads to improper handling of case sensitivity. The attack may be initiated remotely with high complexity and difficult exploitability. [truncated]

MEDIUM NousResearch CVE published 2026-06-17

CVE-2026-53870

The Hermes Agent before version 0.16.0 has a vulnerability that allows local users to access sensitive information due to world-readable file permissions. Specifically, the files 'response_store.db' and 'webhook_subscriptions.json' are created with permissions that allow any local user to read them. This exposure includes conversation history, tool payloads, prompts, and per-route HMAC secrets. The vulner [truncated]

HIGH NousResearch CVE published 2026-06-17

CVE-2026-53869

CVE-2026-53869 is a high-severity DNS rebinding vulnerability in Hermes Agent before 0.16.0. The vulnerability allows remote attackers to bypass Host and Origin validation via WebSocket endpoints. Specifically, the FastAPI HTTP middleware does not execute for WebSocket upgrade requests on /api/pty, /api/ws, /api/pub, and /api/events endpoints. This enables attackers to exploit DNS rebinding and inject mal [truncated]

LOW NousResearch CVE published 2026-06-07

CVE-2026-11461

CVE-2026-11461 is an authorization bypass vulnerability in NousResearch hermes-agent up to 0.12.0. The vulnerability affects the resolve_session_by_title function of the hermes_state.py file in the resume endpoint. Attackers can exploit this vulnerability remotely, and the exploit has been publicly disclosed.

MEDIUM NousResearch CVE published 2026-06-01

CVE-2026-10224

A resource consumption vulnerability exists in NousResearch hermes-agent up to version 2026.4.30, specifically within the _handle_webhook_request function in gateway/platforms/feishu.py. The vulnerability affects the Webhook Endpoint component and can be exploited remotely to cause resource exhaustion. The exploit has been publicly disclosed and is available. The vendor was contacted regarding this disclo [truncated]

LOW NousResearch CVE published 2026-06-01

CVE-2026-10223

A low-severity injection weakness exists in NousResearch hermes-agent up to version 2026.4.30, specifically within the _scan_memory_content function in tools/memory_tool.py. The vulnerability allows remote attackers to perform injection attacks. The exploit has been publicly disclosed, and the vendor was contacted but did not respond. The CVSS 4.0 vector indicates network attack vector with low complexity [truncated]

LOW NousResearch CVE published 2026-06-01

CVE-2026-10222

A low-severity injection vulnerability in NousResearch hermes-agent, affecting versions up to 2026.4.30. The flaw resides in the _sanitize_env_lines function within hermes_cli/config.py. The vulnerability is remotely exploitable but requires high attack complexity, making exploitation difficult. A public exploit has been released. The vendor was contacted but did not respond.

MEDIUM NousResearch CVE published 2026-06-01

CVE-2026-10220

A medium-severity injection vulnerability in NousResearch hermes-agent, affecting versions up to 2026.4.30. The flaw resides in the _serve_plugin_skill/skill_view function within tools/skills_tool.py. Remote attackers can exploit this issue to perform injection attacks. The exploit has been publicly disclosed, and the vendor was contacted but did not respond.

LOW NousResearch CVE published 2026-05-24

CVE-2026-9369

A local privilege issue exists in NousResearch hermes-agent 2026.4.23 within the CLI web-dashboard interface. The _discover_dashboard_plugins function in hermes_cli/web_server.py performs an incorrect comparison when processing the HERMES_ENABLE_PROJECT_PLUGINS argument, which could allow a local attacker to manipulate plugin loading behavior. The vulnerability requires local access and has been assigned [truncated]

MEDIUM NousResearch CVE published 2026-05-24

CVE-2026-9368

A medium-severity sandbox escape vulnerability exists in NousResearch hermes-agent up to version 2026.4.16. The flaw resides in the `execute_code` function within `tools/code_execution_tool.py`, specifically in the Environment Variable Handler component. Remote attackers can manipulate environment variables to bypass sandbox restrictions. The exploit has been publicly disclosed, and the vendor did not res [truncated]

MEDIUM NousResearch CVE published 2026-05-24

CVE-2026-9367

A command injection vulnerability exists in NousResearch hermes-agent, affecting the `detect_dangerous_command` function within `tools/approval.py` of the terminal_tool component. The flaw permits remote attackers to inject arbitrary operating system commands. The vulnerability was publicly disclosed on 2026-05-24 after the vendor was contacted but did not respond. A proof-of-concept exploit has been publ [truncated]

MEDIUM NousResearch CVE published 2026-05-24

CVE-2026-9366

A medium-severity injection vulnerability exists in NousResearch hermes-agent version 2026.4.23, specifically within the `_scan_context_content` function in `agent/prompt_builder.py`. The vulnerability allows remote attackers to perform injection attacks. The exploit has been publicly disclosed, and the vendor was contacted but did not respond. The CVE was published on 2026-05-24 and last modified on 2026 [truncated]

MEDIUM NousResearch CVE published 2026-05-24

CVE-2026-9354

A medium-severity output escaping vulnerability affects NousResearch hermes-agent versions up to 2026.4.16. The flaw resides in the Slack Agent/Mattermost Agent component, where manipulation of the format_message argument can trigger improper output escaping. The vulnerability is remotely exploitable and public exploit availability has been confirmed. The vendor was contacted prior to disclosure but did n [truncated]

MEDIUM NousResearch CVE published 2026-05-24

CVE-2026-9351

A path traversal vulnerability exists in NousResearch hermes-agent up to version 2026.4.16, specifically within the `_is_blocked_device` function in `tools/file_tools.py`. The flaw affects the `read_file` tool component and can be exploited remotely to perform unauthorized file system operations. The vulnerability was disclosed publicly on 2026-05-24 after the vendor was contacted but did not respond. A p [truncated]

MEDIUM NousResearch CVE published 2026-05-24

CVE-2026-9350

A missing authorization vulnerability exists in NousResearch hermes-agent up to version 2026.4.16, specifically within the `check_all_command_guards` function in `tools/approval.py` of the Batch Runner component. The flaw allows remote attackers to bypass authorization controls, potentially enabling unauthorized command execution. The vulnerability has a CVSS 4.0 score of 5.5 (MEDIUM severity) with an att [truncated]