Severity by source
CVSS vector (NVD; primary rating and the only source for this CVE):
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Description (CVE.org)
A security flaw has been discovered in NousResearch hermes-agent up to 2026.4.23. This affects the function _sync_anthropic_entry_from_credentials_file of the file agent/credential_pool.py of the component Credential Pool Synchronization. The manipulation results in improper authentication. The attack must be initiated from a local position. The exploit has been released to the public and may be used for attacks. The vendor was contacted early about this disclosure but did not respond in any way.
Analysis (AI-generated)
Improper authentication in NousResearch hermes-agent through version 2026.4.23 allows a local low-privileged attacker to manipulate the Credential Pool Synchronization component, specifically the _sync_anthropic_entry_from_credentials_file function in agent/credential_pool.py, bypassing authentication controls over Anthropic API credentials. A proof-of-concept exploit is publicly available on GitHub and the vendor did not respond to coordinated disclosure, leaving no patch available at time of analysis. …
Vulnerability Assessment (AI-generated)

| Aspect | Assessment |
| --- | --- |
| Exploitation | Exploitation requires an existing local operating system account with low privileges on the host running NousResearch hermes-agent (CVSS AV:L/PR:L confirmed); remote, network-based exploitation is not possible based on available data. … |
| Risk Assessment | The CVSS 3.1 base score of 5.3 (Medium) reflects a constrained attack surface: local attack vector (AV:L), low complexity (AC:L), and low privileges required (PR:L), with partial confidentiality, integrity, and availability impact (C:L/I:L/A:L) and unchanged scope. … |
| Exploit Scenario | An attacker with a low-privileged shell account on a shared server running hermes-agent downloads the publicly available proof-of-concept from the GitHub gist and executes it locally, invoking or manipulating `_sync_anthropic_entry_from_credentials_file` to bypass authentication controls and extract or substitute Anthropic API credentials from the credential pool. The attacker then uses the harvested API key to make unauthorized requests to Anthropic's API, incurring billing charges or accessing data processed through the agent. |
| Remediation | No vendor-released patch has been identified at time of analysis; the vendor did not respond to disclosure, and RL:X in the CVSS temporal vector confirms no remediation level has been defined. … |
External PoC / Exploit Code
A public proof-of-concept is referenced from this entry.

Related identifiers
- EUVD-2026-33856
- GHSA-g28j-ffjc-vcrh