Skip to main content

hermes-agent CVE-2026-14783

| EUVDEUVD-2026-41794 LOW
Path Traversal (CWE-22)
2026-07-06 cna@vuldb.com GHSA-xq87-v97r-jw5g
2.1
CVSS 4.0 · Vendor: vuldb

Severity by source

Vendor (vuldb) PRIMARY
2.1 MEDIUM
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
vuln.today AI
4.3 MEDIUM

Network-accessible with low complexity, but PR:L required per CVSS 4.0 source; impact limited to low confidentiality read - no integrity or availability effect.

3.1 AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
4.0 AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N

Primary rating from Vendor (vuldb).

CVSS VectorVendor: vuldb

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
X

Lifecycle Timeline

1
Analysis Generated
Jul 06, 2026 - 00:27 vuln.today

DescriptionCVE.org

A vulnerability was determined in NousResearch hermes-agent 2026.5.29.2. The impacted element is the function skill_view of the file tools/skills_tool.py. Executing a manipulation of the argument Name can lead to path traversal. The attack can be launched remotely. The exploit has been publicly disclosed and may be utilized. This patch is called 56f833efa427ccb444c0f9ad1759af1012f2124d. It is advisable to implement a patch to correct this issue.

AnalysisAI

Path traversal in NousResearch hermes-agent 2026.5.29.2 allows low-privilege authenticated remote attackers to read files outside the intended directory by supplying crafted path traversal sequences in the Name argument of the skill_view function within tools/skills_tool.py. Impact is confined to limited confidentiality exposure - no integrity or availability effect - consistent with the CVSS 4.0 score of 2.1 (Low). …

Unlock full vulnerability intelligence

  • Risk assessment & exploitation conditions
  • Attack chain visualization
  • Remediation with exact patch versions
  • Threat intelligence from 22 sources
  • Personal watchlist & email alerts

Free forever · No credit card required

Attack ChainAIDerived

Hypothetical attack flow derived from CVE metadata

Access
Obtain low-privilege authenticated session
Delivery
Send crafted request to skill_view endpoint
Exploit
Supply path traversal sequences in Name argument
Execution
Application resolves path outside skills directory
Impact
Read arbitrary files accessible to hermes-agent process

Vulnerability AssessmentAI

Exploitation The attacker must hold a valid low-privilege authenticated session against the hermes-agent service - CVSS PR:L confirms authentication is required; unauthenticated exploitation is not supported by the available data. … Additional conditions and limiting factors are described in the full assessment.
Risk Assessment The CVSS 4.0 base score of 2.1 (Low) reflects several mitigating factors: the attacker must be authenticated (PR:L), impact is read-only with limited confidentiality scope (VC:L), and there is no integrity or availability impact. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario A publicly available exploit exists per the CVE description and CVSS E:P modifier. An authenticated attacker with low-privilege access sends a crafted HTTP request to the `skill_view` function with the `Name` parameter set to a path traversal payload such as `../../etc/passwd`, causing the application to resolve and return the contents of an arbitrary file on the host filesystem. …
Remediation Apply the upstream fix via commit 56f833efa427ccb444c0f9ad1759af1012f2124d, available at https://github.com/NousResearch/hermes-agent/commit/56f833efa427ccb444c0f9ad1759af1012f2124d and tracked in pull request https://github.com/NousResearch/hermes-agent/pull/40566. … Detailed patch versions, workarounds, and compensating controls in full report.

Threat intelligence, references, and detailed analysis are available after sign-in.

Share

CVE-2026-14783 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy