Skip to main content

Hermes WebUI CVE-2026-49957

| EUVDEUVD-2026-35704 MEDIUM
Path Traversal (CWE-22)
2026-06-09 disclosure@vulncheck.com GHSA-5cwx-phm8-m83r
6.3
CVSS 4.0 · Vendor: vulncheck
Share

Severity by source

Vendor (vulncheck) PRIMARY
6.3 MEDIUM
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:N/SC:H/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Primary rating from Vendor (vulncheck) · only source for this CVE.

CVSS VectorVendor: vulncheck

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:N/SC:H/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
X

Lifecycle Timeline

3
Source Code Evidence Fetched
Jun 09, 2026 - 19:04 vuln.today
Analysis Generated
Jun 09, 2026 - 19:04 vuln.today
Patch available
Jun 09, 2026 - 19:03 EUVD

DescriptionCVE.org

Hermes WebUI before version 0.51.269 contains a workspace boundary bypass vulnerability that allows authenticated attackers to circumvent blocked-root path checks by exploiting an early return in the SSH/remote terminal profile workspace resolution logic within _remote_terminal_workspace_candidate(). Attackers can configure a remote terminal working directory to a system directory such as /etc, causing the workspace resolution path to accept it as a trusted local workspace root before the _is_blocked_workspace_path() guard executes, enabling read access to local system files through workspace file-read helpers.

AnalysisAI

Hermes WebUI's SSH/remote terminal workspace resolver exposes local server files to authenticated low-privilege attackers by accepting system directories as trusted workspace roots. The flaw in _remote_terminal_workspace_candidate() (api/workspace.py) causes an early return that bypasses the _is_blocked_workspace_path() guard, allowing an attacker-configured remote terminal working directory (e.g., /etc) to be registered as a trusted workspace - after which workspace file-read helpers treat it as a local path and return host file contents. No public exploit has been identified at time of analysis, but the CVSS 4.0 vector scores SC:H (high subsequent-system confidentiality impact), confirming meaningful server-side file disclosure potential.

Technical ContextAI

Hermes WebUI (nesquena/hermes-webui) is a web-based interface that includes an SSH/remote terminal integration allowing users to configure remote terminal profiles with custom working directories. Workspace resolution for these profiles is handled by _remote_terminal_workspace_candidate() in api/workspace.py. Under the vulnerable logic, candidate resolution for the remote cwd path executed an early return before invoking _is_blocked_workspace_path(), which is responsible for rejecting system directory roots such as /etc. Because the path was accepted as a trusted local workspace root prematurely, downstream file-read helpers - designed for safe workspace file access - would faithfully read from the resolved system path on the server. The root cause class is CWE-22 (Improper Limitation of a Pathname to a Restricted Directory / Path Traversal): user-controlled input (the SSH profile cwd) influences server-side path resolution without adequate pre-acceptance validation. The CVSS 4.0 vector (AV:N/AC:L/AT:N/PR:L/UI:N) indicates this is network-accessible with low complexity, requiring no special attack prerequisites beyond a low-privileged account. The fix (commit 91a89fb5d5c0bf87932917f9914ad0150ea62fe4, PR #3731) adds if _is_blocked_workspace_path(candidate, raw) or _is_blocked_workspace_path(base, cwd): return None immediately within _remote_terminal_workspace_candidate(), ensuring the guard runs for both the derived candidate and the raw base path before any early return.

RemediationAI

Upgrade Hermes WebUI to at least the version identified as fixed: the CVE advisory references v0.51.269 (https://github.com/nesquena/hermes-webui/releases/tag/v0.51.269), while the CHANGELOG in the upstream fix commit attributes the security change to v0.51.296 (2026-06-06). Given this discrepancy, administrators should upgrade to v0.51.296 or later to be certain the fix from commit 91a89fb5d5c0bf87932917f9914ad0150ea62fe4 and PR #3731 is included, then verify the fix is present by confirming _remote_terminal_workspace_candidate() in api/workspace.py invokes _is_blocked_workspace_path() before any early return. As a compensating control where immediate patching is not feasible, restrict SSH/remote terminal profile configuration to administrator-only roles - this removes the ability for low-privilege users to set arbitrary cwd values and eliminates the attack surface; the trade-off is that legitimate non-admin users lose self-serve remote terminal profile access. Additionally, restricting network access to the Hermes WebUI interface to trusted users reduces exposure but does not eliminate risk if any authenticated user is untrusted. The VulnCheck advisory is available at https://www.vulncheck.com/advisories/hermes-webui-workspace-boundary-bypass-via-api-workspace-py.

Share

CVE-2026-49957 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy