Which versions of Hermes Agent are affected by CVE-2026-10221?

Organizations using NousResearch Hermes Agent (through v0.12.0) face immediate risk from remote attackers who can inject malicious prompts without credentials, potentially achieving code execution in…

Is there a public PoC exploit available for CVE-2026-10221?

Yes, a public proof-of-concept exploit is available for CVE-2026-10221. Prioritise patching immediately. EPSS: 0.0%.

How to fix or mitigate CVE-2026-10221?

Within 24 hours: Inventory all systems running NousResearch Hermes Agent ≤v0.12.0 and immediately isolate from untrusted networks; document all exposed instances and dependent applications. Within 7 days: Implement strict input validation and prompt sanitization to reject injection patterns; deploy network segmentation restricting agent communication to trusted endpoints only. Within 30 days: Migrate to alternative agent frameworks without disclosed RCE vulnerabilities or discontinue Hermes Agent use entirely pending vendor remediation.

Hermes Agent CVE-2026-10221

Q: What is the CVSS score of CVE-2026-10221?

CVE-2026-10221 has a CVSS 4.0 base score of 5.5 (Medium). CVSS vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X. EPSS exploitation probability: 0.0%.

EUVD-2026-33554 MEDIUM

Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') (CWE-74)

2026-06-01 VulDB

GHSA-xq8w-9jvx-gm3v

Code Injection Hermes Agent

5.5

CVSS 4.0 · NVD

Severity by source

NVD PRIMARY

5.5 MEDIUM

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Lifecycle Timeline

Severity Changed

Jun 01, 2026 - 04:22 NVD

HIGH MEDIUM

CVSS changed

Jun 01, 2026 - 04:22 NVD

7.3 (HIGH) 5.5 (MEDIUM)

Analysis Generated

Jun 01, 2026 - 04:21 vuln.today

DescriptionCVE.org

A vulnerability was identified in NousResearch hermes-agent up to 0.12.0. Affected by this vulnerability is the function _compress_context of the file run_agent.py. The manipulation leads to injection. It is possible to initiate the attack remotely. The exploit is publicly available and might be used. The vendor was contacted early about this disclosure but did not respond in any way.

AnalysisAI

Remote code/prompt injection in NousResearch Hermes Agent through 0.12.0 stems from improper neutralization in the _compress_context function within run_agent.py (CWE-74). Publicly available exploit code exists and the issue is remotely triggerable without authentication per the CVSS vector, though impact is bounded to Low across confidentiality, integrity, and availability. …

Unlock full vulnerability intelligence

Risk assessment & exploitation conditions
Attack chain visualization
Remediation with exact patch versions
Threat intelligence from 22 sources
Personal watchlist & email alerts

Continue with Google Continue with GitHub

Free forever · No credit card required

Attack ChainAIDerived

Hypothetical attack flow derived from CVE metadata

Access

Identify exposed Hermes Agent instance

Delivery

Inject crafted content via tool or input channel

Exploit

Content flows into _compress_context in run_agent.py

Execution

Injection survives compression and is reinterpreted

Persist

Agent executes attacker-directed instructions or tool calls

Impact

Data exfiltration or unauthorized action