Skip to main content

hermes-agent CVE-2026-10223

| EUVD-2026-33556 LOW
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') (CWE-74)
2026-06-01 VulDB GHSA-33qv-c5qm-799v
Code Injection Hermes Agent
2.1
CVSS 4.0 · NVD

Severity by source

NVD PRIMARY
2.1 LOW
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
X

Lifecycle Timeline

3
Analysis Generated
Jun 01, 2026 - 06:22 vuln.today
Severity Changed
Jun 01, 2026 - 06:22 NVD
MEDIUM LOW
CVSS changed
Jun 01, 2026 - 06:22 NVD
6.3 (MEDIUM) 2.1 (LOW)

DescriptionCVE.org

A weakness has been identified in NousResearch hermes-agent up to 2026.4.30. This affects the function _scan_memory_content of the file tools/memory_tool.py. This manipulation causes injection. The attack can be initiated remotely. The exploit has been made available to the public and could be used for attacks. The vendor was contacted early about this disclosure but did not respond in any way.

AnalysisAI

Injection vulnerability in NousResearch hermes-agent's _scan_memory_content function exposes authenticated low-privileged remote users to partial confidentiality, integrity, and availability compromise across all versions through 2026.4.30. The flaw originates in tools/memory_tool.py, where user-controlled input is insufficiently neutralized before being passed to downstream components. …

Unlock full vulnerability intelligence

  • Risk assessment & exploitation conditions
  • Attack chain visualization
  • Remediation with exact patch versions
  • Threat intelligence from 22 sources
  • Personal watchlist & email alerts
Continue with Google Continue with GitHub

Free forever · No credit card required

Attack ChainAIDerived

Hypothetical attack flow derived from CVE metadata

Access
Obtain low-privilege account credentials
Delivery
Authenticate to network-exposed hermes-agent instance
Exploit
Submit crafted injection payload to memory tool endpoint
Execution
Trigger unsanitized processing in _scan_memory_content
Persist
Inject malicious content into downstream component
Impact
Achieve partial confidentiality, integrity, or availability impact
Sign in to reveal

Vulnerability AssessmentAI

Exploitation Authentication is required at a low-privilege level (CVSS PR:L confirmed from vector). … Additional conditions and limiting factors are described in the full assessment.
Risk Assessment The CVSS 3.1 base score of 6.3 (Medium) reflects AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L - network-reachable, low complexity, requiring only low-privileged authentication, with no user interaction needed. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario An attacker with a low-privileged account on a network-accessible hermes-agent instance crafts a malicious payload targeting the `_scan_memory_content` function in `tools/memory_tool.py`, injecting content that propagates to a downstream component such as an LLM prompt, subprocess call, or file operation. A public proof-of-concept exploit is available via GitHub gist, lowering the barrier to exploitation to script-level capability. …
Remediation No vendor-released patch identified at time of analysis. … Detailed patch versions, workarounds, and compensating controls in full report.
Sign in to read full assessment

Threat intelligence, references, and detailed analysis are available after sign-in.

Share

CVE-2026-10223 vulnerability details – vuln.today
Back

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy