Skip to main content

hermes-agent CVE-2026-14625

| EUVDEUVD-2026-41664 LOW
Protection Mechanism Failure (CWE-693)
2026-07-04 VulDB GHSA-5p65-6hm5-c89p
2.1
CVSS 4.0 · Vendor: VulDB

Severity by source

Vendor (VulDB) PRIMARY
2.1 MEDIUM
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
vuln.today AI
6.3 MEDIUM

Network-accessible shell.exec bypass requires low-privilege authentication; no scope change, and impact is bounded to low C/I/A on the vulnerable system only.

3.1 AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
4.0 AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N

Primary rating from Vendor (VulDB).

CVSS VectorVendor: VulDB

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
X

Lifecycle Timeline

3
Severity Changed
Jul 04, 2026 - 12:22 NVD
MEDIUM LOW
CVSS changed
Jul 04, 2026 - 12:22 NVD
5.3 (MEDIUM) 2.1 (LOW)
Analysis Generated
Jul 04, 2026 - 12:21 vuln.today

DescriptionCVE.org

A security flaw has been discovered in NousResearch hermes-agent up to 0.15.2. The affected element is the function shell.exec of the file tui_gateway/server.py. The manipulation results in protection mechanism failure. It is possible to launch the attack remotely. The exploit has been released to the public and may be used for attacks. The vendor was contacted early about this disclosure but did not respond in any way.

AnalysisAI

Protection mechanism failure in NousResearch hermes-agent (≤ 0.15.2) allows remote authenticated attackers to bypass shell execution controls via the shell.exec function in tui_gateway/server.py, resulting in low-level confidentiality, integrity, and availability impact. The vulnerability is classified under CWE-693 and carries a CVSS 4.0 score of 5.3 (Medium), with a publicly available proof-of-concept exploit hosted on GitHub. …

Unlock full vulnerability intelligence

  • Risk assessment & exploitation conditions
  • Attack chain visualization
  • Remediation with exact patch versions
  • Threat intelligence from 22 sources
  • Personal watchlist & email alerts

Free forever · No credit card required

Attack ChainAIDerived

Hypothetical attack flow derived from CVE metadata

Access
Authenticate to hermes-agent TUI gateway
Delivery
Craft malicious shell.exec request
Exploit
Bypass protection mechanism in server.py
Execution
Execute unintended shell commands on host
Impact
Achieve limited information disclosure and partial system impact

Vulnerability AssessmentAI

Exploitation Exploitation requires a low-privilege authenticated session against the hermes-agent TUI gateway endpoint (PR:L per CVSS 4.0 vector). … Additional conditions and limiting factors are described in the full assessment.
Risk Assessment The CVSS 4.0 score of 5.3 reflects a medium-severity vulnerability with constrained impact: VC:L/VI:L/VA:L and no scope change (SC/SI/SA:N), indicating the attacker cannot pivot to other systems or achieve full compromise. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario A low-privileged authenticated user with network access to the hermes-agent TUI gateway sends a crafted request that manipulates the shell.exec function in tui_gateway/server.py, bypassing its protection mechanism to execute unintended shell commands on the host. A proof-of-concept demonstrating this technique is publicly available at https://gist.github.com/YLChen-007/3b11589740dcf16b152b0929e1b3d024, reducing the attacker skill requirement significantly. …
Remediation No vendor-released patch has been identified at time of analysis - the vendor did not respond to responsible disclosure. … Detailed patch versions, workarounds, and compensating controls in full report.

Threat intelligence, references, and detailed analysis are available after sign-in.

CVE-2026-9367 MEDIUM POC
5.5 May 24

Remote command injection in NousResearch hermes-agent allows unauthenticated attackers to execute arbitrary OS commands

CVE-2026-14628 MEDIUM POC
5.5 Jul 04

Path traversal in NousResearch hermes-agent (all versions through 2026.5.16) exposes arbitrary server-side files via the

CVE-2026-9351 MEDIUM POC
5.5 May 24

Path traversal in NousResearch hermes-agent through version 2026.4.16 allows remote unauthenticated attackers to bypass

CVE-2026-9368 MEDIUM POC
5.5 May 24

Remote sandbox escape in NousResearch hermes-agent versions up to 2026.4.16 allows unauthenticated attackers to manipula

CVE-2026-10221 MEDIUM POC
5.5 Jun 01

Remote code/prompt injection in NousResearch Hermes Agent through 0.12.0 stems from improper neutralization in the _comp

CVE-2026-10220 MEDIUM POC
5.5 Jun 01

Remote injection in NousResearch Hermes Agent through version 2026.4.30 allows unauthenticated attackers to manipulate t

CVE-2026-9366 MEDIUM POC
5.5 May 24

Code injection in NousResearch hermes-agent 2026.4.23 allows remote unauthenticated attackers to inject and execute arbi

CVE-2026-9353 MEDIUM POC
5.5 May 24

Remote injection vulnerability in NousResearch hermes-agent versions up to 2026.4.23 enables unauthenticated attackers t

CVE-2026-10224 MEDIUM POC
5.5 Jun 01

Uncontrolled resource consumption in NousResearch hermes-agent (all versions through 2026.4.30) allows remote unauthenti

CVE-2026-9350 MEDIUM POC
5.5 May 24

Missing authorization in NousResearch hermes-agent versions up to 2026.4.16 allows remote attackers to bypass authentica

CVE-2026-9352 MEDIUM POC
5.5 May 24

Information disclosure in NousResearch hermes-agent allows remote unauthenticated attackers to extract sensitive data vi

CVE-2026-7396 MEDIUM POC
5.5 Apr 29

A vulnerability was identified in NousResearch hermes-agent 0.8.0. Affected by this issue is some unknown functionality

Share

CVE-2026-14625 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy