A medium-severity sandbox escape vulnerability exists in NousResearch hermes-agent up to version 2026.4.16. The flaw resides in the `execute_code` function within `tools/code_execution_tool.py`, specifically in the Environment Variable Handler component. Remote attackers can manipulate environment variables to bypass sandbox restrictions. The exploit has been publicly disclosed, and the vendor did not res [truncated]
A medium-severity injection vulnerability exists in NousResearch hermes-agent version 2026.4.23, specifically within the `_scan_context_content` function in `agent/prompt_builder.py`. The vulnerability allows remote attackers to perform injection attacks. The exploit has been publicly disclosed, and the vendor was contacted but did not respond. The CVE was published on 2026-05-24 and last modified on 2026 [truncated]
A medium-severity output escaping vulnerability affects NousResearch hermes-agent versions up to 2026.4.16. The flaw resides in the Slack Agent/Mattermost Agent component, where manipulation of the `format_message` argument can trigger improper output escaping. The vulnerability is remotely exploitable and public exploit availability has been confirmed. The vendor was contacted prior to disclosure but did n [truncated]
A path traversal vulnerability exists in NousResearch hermes-agent up to version 2026.4.16, specifically within the `_is_blocked_device` function in `tools/file_tools.py`. The flaw affects the `read_file` tool component and can be exploited remotely to perform unauthorized file system operations. The vulnerability was disclosed publicly on 2026-05-24 after the vendor was contacted but did not respond. A p [truncated]
A missing authorization vulnerability exists in NousResearch hermes-agent up to version 2026.4.16, specifically within the `check_all_command_guards` function in `tools/approval.py` of the Batch Runner component. The flaw allows remote attackers to bypass authorization controls, potentially enabling unauthorized command execution. The vulnerability has a CVSS 4.0 score of 5.5 (MEDIUM severity) with an att [truncated]