Hermes WebUI
CVE-2026-55197
HIGH
Severity by source
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Network-reachable API exploitable by any authenticated low-privilege user with no interaction; impact is confined to confidentiality of other profiles' transcripts, with no integrity or availability effect.
Primary rating from Vendor (VulnCheck).
CVSS VectorVendor: VulnCheck
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Lifecycle Timeline
2DescriptionCVE.org
Hermes WebUI before 0.51.443 contains a broken access control vulnerability in the /api/session endpoint that allows authenticated users to disclose cross-profile session transcripts. Attackers can bypass profile boundary checks by directly querying session IDs belonging to other profiles via GET /api/session?session_id=<foreign_id>&messages=1 to retrieve unauthorized conversation transcripts and metadata.
AnalysisAI
Cross-profile session disclosure in Hermes WebUI before 0.51.443 lets any authenticated user retrieve conversation transcripts and metadata belonging to other profiles by passing a foreign session_id to the /api/session endpoint. The flaw is a classic IDOR (CWE-639) where profile boundary checks are missing on by-id reads. …
Unlock full vulnerability intelligence
- Risk assessment & exploitation conditions
- Attack chain visualization
- Remediation with exact patch versions
- Threat intelligence from 22 sources
- Personal watchlist & email alerts
Free forever · No credit card required
Attack ChainAIDerived
Hypothetical attack flow derived from CVE metadata
Vulnerability AssessmentAI
| Exploitation | The attacker must hold a valid authenticated session on a vulnerable Hermes WebUI instance running a version prior to 0.51.443 (PR:L), and must be able to reach the /api/session endpoint over the network (AV:N). … Additional conditions and limiting factors are described in the full assessment. |
| Risk Assessment | The CVSS 4.0 vector AV:N/AC:L/AT:N/PR:L/UI:N/VC:H rates this 7.1 (High) and the signals are internally consistent: low-privilege authenticated network attacker, no user interaction, no special attack requirements, and high confidentiality impact on the vulnerable system with no integrity or availability impact - i.e. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in. |
| Exploit Scenario | An authenticated low-privilege user enumerates or guesses session IDs belonging to other profiles - for example, by iterating numeric IDs or harvesting them from logs, share links, or another tenant - and issues GET /api/session?session_id=<foreign_id>&messages=1, receiving the full transcript and metadata of another profile's conversation. Because the request is a single well-formed API call requiring no user interaction and no special tooling, a curious insider or compromised account can quietly siphon other profiles' conversations at scale; no public exploit identified at time of analysis, but the patch notes openly describe the primitive. |
| Remediation | Vendor-released patch: upgrade to Hermes WebUI 0.51.443 or later, which scopes session by-id reads and exports to the caller's active profile (commit 2a3baa71b81ca92da8ece8616a09f15894beec71, see https://github.com/nesquena/hermes-webui/releases/tag/v0.51.443). … Detailed patch versions, workarounds, and compensating controls in full report. |
Recommended ActionAI
Within 24 hours: Identify all Hermes WebUI instances and confirm versions prior to 0.51.443 are in use; assess scope of multi-profile deployments and data sensitivity. …
Sign in for detailed remediation steps and compensating controls.
Threat intelligence, references, and detailed analysis are available after sign-in.
More in Hermes Webui
View allUnauthenticated remote code execution in Hermes WebUI before version 0.51.788 lets remote attackers run arbitrary shell
Authentication bypass in Hermes WebUI before 0.51.307 lets unauthenticated remote attackers reach onboarding endpoints t
Authentication bypass in Hermes WebUI before 0.51.409 allows unauthenticated remote attackers to register the first pass
Unauthenticated initial-setup hijack in Hermes WebUI before 0.51.358 allows any remote attacker who can reach the settin
Cross-profile authorization bypass in Hermes WebUI before 0.51.368 allows authenticated users to access sessions, files,
Hermes WebUI contains an arbitrary file deletion vulnerability in the /api/session/delete endpoint that allows authentic
Information disclosure in Hermes WebUI before v0.51.221 allows authenticated remote attackers to read arbitrary files ou
Cross-profile data disclosure in Hermes WebUI before 0.51.269 allows authenticated users to read session titles and tran
Cross-profile session data exfiltration in Hermes WebUI before 0.51.443 lets any authenticated user retrieve session tra
Resource exhaustion in Hermes WebUI before v0.51.270 allows unauthenticated remote attackers to degrade service availabi
Resource exhaustion in Hermes WebUI before 0.51.468 exposes an unauthenticated POST /api/onboarding/oauth/start endpoint
Cross-profile workspace isolation bypass in Hermes WebUI before 0.51.521 allows an authenticated low-privilege user oper
Same technique Authentication Bypass
View allShare
External POC / Exploit Code
Leaving vuln.today