Hermes WebUI
CVE-2026-55198
HIGH
Severity by source
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Network-reachable export endpoint, no special conditions, requires a valid low-privilege account (PR:L), no user interaction; leaks foreign session transcripts so C:H, with no integrity or availability impact.
Primary rating from Vendor (VulnCheck).
CVSS VectorVendor: VulnCheck
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Lifecycle Timeline
2DescriptionCVE.org
Hermes WebUI before 0.51.443 contains an authorization bypass vulnerability in the session export endpoint that allows authenticated users to access sessions from other profiles. The _handle_session_export handler in api/routes.py fails to verify active-profile ownership before serializing session data, enabling attackers to exfiltrate foreign session transcripts by guessing or knowing session identifiers.
AnalysisAI
Cross-profile session data exfiltration in Hermes WebUI before 0.51.443 lets any authenticated user retrieve session transcripts belonging to other profiles by calling the session export endpoint with a guessed or known session ID. The flaw is a classic IDOR (CWE-639) in the _handle_session_export handler, which omits active-profile ownership checks before serializing the requested session. …
Unlock full vulnerability intelligence
- Risk assessment & exploitation conditions
- Attack chain visualization
- Remediation with exact patch versions
- Threat intelligence from 22 sources
- Personal watchlist & email alerts
Free forever · No credit card required
Attack ChainAIDerived
Hypothetical attack flow derived from CVE metadata
Vulnerability AssessmentAI
| Exploitation | Attacker must hold a valid authenticated session on the Hermes WebUI instance (PR:L) and must be able to reach the session export endpoint served by api/routes.py::_handle_session_export. … Additional conditions and limiting factors are described in the full assessment. |
| Risk Assessment | The vendor-supplied CVSS 4.0 vector (AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N) accurately captures the shape of the bug: remote, low-complexity, requires a valid low-privilege account, and yields high confidentiality impact with no integrity or availability impact - the 7.1 score is consistent with a multi-tenant data leak rather than a takeover primitive. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in. |
| Exploit Scenario | An attacker registers or compromises any low-privilege Hermes WebUI account, then sends an authenticated request to the session export endpoint with a session identifier belonging to a different profile (obtained by guessing, enumeration, or prior knowledge). The server returns the foreign profile's serialized session transcript, allowing the attacker to exfiltrate private conversations across tenant boundaries without ever touching the victim's account. |
| Remediation | Vendor-released patch: Hermes WebUI v0.51.443, which scopes session by-id reads and exports to the active profile (upstream PRs nesquena/hermes-webui#3991 and #4269, commit 2a3baa71b81ca92da8ece8616a09f15894beec71). … Detailed patch versions, workarounds, and compensating controls in full report. |
Recommended ActionAI
Within 24 hours: Inventory all Hermes WebUI deployments and confirm current version. …
Sign in for detailed remediation steps and compensating controls.
Threat intelligence, references, and detailed analysis are available after sign-in.
More in Hermes Webui
View allUnauthenticated remote code execution in Hermes WebUI before version 0.51.788 lets remote attackers run arbitrary shell
Authentication bypass in Hermes WebUI before 0.51.307 lets unauthenticated remote attackers reach onboarding endpoints t
Authentication bypass in Hermes WebUI before 0.51.409 allows unauthenticated remote attackers to register the first pass
Unauthenticated initial-setup hijack in Hermes WebUI before 0.51.358 allows any remote attacker who can reach the settin
Cross-profile authorization bypass in Hermes WebUI before 0.51.368 allows authenticated users to access sessions, files,
Hermes WebUI contains an arbitrary file deletion vulnerability in the /api/session/delete endpoint that allows authentic
Information disclosure in Hermes WebUI before v0.51.221 allows authenticated remote attackers to read arbitrary files ou
Cross-profile data disclosure in Hermes WebUI before 0.51.269 allows authenticated users to read session titles and tran
Cross-profile session disclosure in Hermes WebUI before 0.51.443 lets any authenticated user retrieve conversation trans
Resource exhaustion in Hermes WebUI before v0.51.270 allows unauthenticated remote attackers to degrade service availabi
Resource exhaustion in Hermes WebUI before 0.51.468 exposes an unauthenticated POST /api/onboarding/oauth/start endpoint
Cross-profile workspace isolation bypass in Hermes WebUI before 0.51.521 allows an authenticated low-privilege user oper
Same technique Authentication Bypass
View allShare
External POC / Exploit Code
Leaving vuln.today