Skip to main content

hermes-agent CVE-2026-15311

| EUVDEUVD-2026-42764 LOW
Cross-site Scripting (XSS) (CWE-79)
2026-07-09 VulDB GHSA-93m6-38r7-vqmh
2.0
CVSS 4.0 · Vendor: VulDB

Severity by source

Vendor (VulDB) PRIMARY
2.0 MEDIUM
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
vuln.today AI
5.4 MEDIUM

Network-delivered XSS via Matrix messages requires PR:L (authenticated sender) and UI:R (victim must view); scope changes to victim browser session with low C/I impact.

3.1 AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
4.0 AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N

Primary rating from Vendor (VulDB).

CVSS VectorVendor: VulDB

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
P
Scope
X

Lifecycle Timeline

3
Analysis Generated
Jul 10, 2026 - 00:34 vuln.today
Severity Changed
Jul 10, 2026 - 00:22 NVD
MEDIUM LOW
CVSS changed
Jul 10, 2026 - 00:22 NVD
5.1 (MEDIUM) 2.0 (LOW)

DescriptionCVE.org

A vulnerability was identified in NousResearch hermes-agent up to 2026.5.29.2. Affected by this issue is the function MatrixAdapter._markdown_to_html of the file gateway/platforms/matrix.py of the component Matrix Adapter. Such manipulation leads to cross site scripting. The attack can be executed remotely. The exploit is publicly available and might be used. The pull request to fix this issue awaits acceptance.

AnalysisAI

Cross-site scripting in NousResearch hermes-agent (all versions through 2026.5.29.2) stems from unsanitized markdown-to-HTML conversion in the Matrix Adapter component, allowing an authenticated remote attacker to inject malicious scripts into Matrix platform messages. When a victim views the crafted content, the injected script executes in their browser context. …

Unlock full vulnerability intelligence

  • Risk assessment & exploitation conditions
  • Attack chain visualization
  • Remediation with exact patch versions
  • Threat intelligence from 22 sources
  • Personal watchlist & email alerts

Free forever · No credit card required

Attack ChainAIDerived

Hypothetical attack flow derived from CVE metadata

Access
Authenticate with low-privilege account
Delivery
Craft markdown with embedded XSS payload
Exploit
Send message via Matrix Adapter
Execution
_markdown_to_html renders unsanitized HTML
Persist
Victim views message in client
Impact
Injected script executes in victim's browser

Vulnerability AssessmentAI

Exploitation Exploitation requires: (1) the attacker holds a valid authenticated low-privilege account on the targeted hermes-agent instance (PR:L - unauthenticated exploitation is not supported by the CVSS vector); (2) the hermes-agent deployment has the Matrix Adapter integration enabled, since the vulnerable function exists solely in gateway/platforms/matrix.py and is not reachable through other platform adapters; (3) a victim user must passively view the attacker-crafted message in their Matrix client (UI:P). … Additional conditions and limiting factors are described in the full assessment.
Risk Assessment The CVSS 4.0 score of 2.0 (AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:L/VA:N) accurately characterizes this as low severity. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario An authenticated user on a hermes-agent instance with the Matrix Adapter enabled crafts a markdown message embedding a malicious payload - for example, an image tag with an onerror handler or a hyperlink using a javascript: URI - and sends it to a shared Matrix room or direct channel. The _markdown_to_html function renders the message without sanitization, embedding the script in the HTML output. …
Remediation No official patched release has been confirmed - the upstream fix is pending review as pull request #42759 at https://github.com/NousResearch/hermes-agent/pull/42759. … Detailed patch versions, workarounds, and compensating controls in full report.

Threat intelligence, references, and detailed analysis are available after sign-in.

CVE-2026-9367 MEDIUM POC
5.5 May 24

Remote command injection in NousResearch hermes-agent allows unauthenticated attackers to execute arbitrary OS commands

CVE-2026-14628 MEDIUM POC
5.5 Jul 04

Path traversal in NousResearch hermes-agent (all versions through 2026.5.16) exposes arbitrary server-side files via the

CVE-2026-9351 MEDIUM POC
5.5 May 24

Path traversal in NousResearch hermes-agent through version 2026.4.16 allows remote unauthenticated attackers to bypass

CVE-2026-9368 MEDIUM POC
5.5 May 24

Remote sandbox escape in NousResearch hermes-agent versions up to 2026.4.16 allows unauthenticated attackers to manipula

CVE-2026-10221 MEDIUM POC
5.5 Jun 01

Remote code/prompt injection in NousResearch Hermes Agent through 0.12.0 stems from improper neutralization in the _comp

CVE-2026-10220 MEDIUM POC
5.5 Jun 01

Remote injection in NousResearch Hermes Agent through version 2026.4.30 allows unauthenticated attackers to manipulate t

CVE-2026-9366 MEDIUM POC
5.5 May 24

Code injection in NousResearch hermes-agent 2026.4.23 allows remote unauthenticated attackers to inject and execute arbi

CVE-2026-9353 MEDIUM POC
5.5 May 24

Remote injection vulnerability in NousResearch hermes-agent versions up to 2026.4.23 enables unauthenticated attackers t

CVE-2026-10224 MEDIUM POC
5.5 Jun 01

Uncontrolled resource consumption in NousResearch hermes-agent (all versions through 2026.4.30) allows remote unauthenti

CVE-2026-9350 MEDIUM POC
5.5 May 24

Missing authorization in NousResearch hermes-agent versions up to 2026.4.16 allows remote attackers to bypass authentica

CVE-2026-9352 MEDIUM POC
5.5 May 24

Information disclosure in NousResearch hermes-agent allows remote unauthenticated attackers to extract sensitive data vi

CVE-2026-7396 MEDIUM POC
5.5 Apr 29

A vulnerability was identified in NousResearch hermes-agent 0.8.0. Affected by this issue is some unknown functionality

Share

CVE-2026-15311 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy