Skip to main content

Hermes WebUI CVE-2026-58122

| EUVDEUVD-2026-42726 CRITICAL
Use of Less Trusted Source (CWE-348)
2026-07-09 VulnCheck GHSA-rfj2-6v8r-3w64
9.3
CVSS 4.0 · Vendor: VulnCheck
Share

Severity by source

Vendor (VulnCheck) PRIMARY
9.3 CRITICAL
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
vuln.today AI
9.1 CRITICAL

Remote, unauthenticated, low-complexity header spoof (AV:N/AC:L/PR:N/UI:N) yielding SSRF/credential disclosure (C:H) and config/key overwrite (I:H) with no availability loss (A:N).

3.1 AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
4.0 AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N

Primary rating from Vendor (VulnCheck).

CVSS VectorVendor: VulnCheck

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
X

Lifecycle Timeline

1
Analysis Generated
Jul 09, 2026 - 22:09 vuln.today

DescriptionCVE.org

Hermes WebUI before 0.51.307 contains an authentication bypass vulnerability that allows unauthenticated remote attackers to circumvent local-origin IP restrictions on onboarding endpoints by supplying a spoofed X-Forwarded-For header with a loopback address. Attackers can exploit this bypass to perform server-side request forgery against internal services including cloud metadata endpoints, overwrite LLM provider configuration and API keys with attacker-controlled values, or initiate OAuth device-code flows to obtain persistent access tokens stored in auth.json.

AnalysisAI

Authentication bypass in Hermes WebUI before 0.51.307 lets unauthenticated remote attackers reach onboarding endpoints that are supposed to be restricted to loopback traffic by spoofing an X-Forwarded-For header with a 127.0.0.1 value. Once past the origin check, an attacker can pivot to server-side request forgery against internal services and cloud metadata endpoints, overwrite LLM provider configuration and API keys, or start an OAuth device-code flow to mint persistent tokens saved in auth.json. …

Unlock full vulnerability intelligence

  • Risk assessment & exploitation conditions
  • Attack chain visualization
  • Remediation with exact patch versions
  • Threat intelligence from 22 sources
  • Personal watchlist & email alerts

Free forever · No credit card required

Attack ChainAIDerived

Hypothetical attack flow derived from CVE metadata

Access
Locate exposed Hermes WebUI
Delivery
Send request with spoofed X-Forwarded-For: 127.0.0.1
Exploit
Bypass local-origin onboarding check
Execution
SSRF to cloud metadata / overwrite API keys
Persist
Trigger OAuth device-code flow
Impact
Persist token in auth.json

Vulnerability AssessmentAI

Exploitation Exploitation requires that the Hermes WebUI instance (version below 0.51.307) be network-reachable by the attacker and that the onboarding endpoints rely on the X-Forwarded-For header for their local-origin restriction, which is the default vulnerable behavior. … Additional conditions and limiting factors are described in the full assessment.
Risk Assessment The signals are consistent and point to a genuine priority. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario An attacker discovers an internet-reachable Hermes WebUI instance and sends a crafted HTTP request to an onboarding endpoint with the header X-Forwarded-For: 127.0.0.1, defeating the local-origin restriction. They then abuse the SSRF sink to query the cloud metadata endpoint for IAM credentials, overwrite the configured LLM provider API keys with their own, and trigger an OAuth device-code flow to persist an access token in auth.json. …
Remediation Vendor-released patch: upgrade to Hermes WebUI v0.51.307 or later, which is the primary and complete fix (release: https://github.com/nesquena/hermes-webui/releases/tag/v0.51.307; fix PR https://github.com/nesquena/hermes-webui/pull/3758; patch commit https://github.com/nesquena/hermes-webui/commit/70596e6993be0d4cee083c1c1a86f5e7ad5d57b7). … Detailed patch versions, workarounds, and compensating controls in full report.

Recommended ActionAI

Within 24 hours: Inventory all Hermes WebUI deployments and determine current versions; immediately restrict network access to onboarding endpoints if running pre-0.51.307 instances. …

Sign in for detailed remediation steps and compensating controls.

Threat intelligence, references, and detailed analysis are available after sign-in.

CVE-2026-58123 CRITICAL
9.3 Jul 09

Unauthenticated remote code execution in Hermes WebUI before version 0.51.788 lets remote attackers run arbitrary shell

CVE-2026-55196 CRITICAL
9.1 Jun 17

Authentication bypass in Hermes WebUI before 0.51.409 allows unauthenticated remote attackers to register the first pass

CVE-2026-49973 CRITICAL
9.2 Jun 11

Unauthenticated initial-setup hijack in Hermes WebUI before 0.51.358 allows any remote attacker who can reach the settin

CVE-2026-53871 HIGH
8.6 Jun 17

Cross-profile authorization bypass in Hermes WebUI before 0.51.368 allows authenticated users to access sessions, files,

CVE-2026-6832 HIGH
7.2 Apr 21

Hermes WebUI contains an arbitrary file deletion vulnerability in the /api/session/delete endpoint that allows authentic

CVE-2026-11322 HIGH
7.1 Jun 04

Information disclosure in Hermes WebUI before v0.51.221 allows authenticated remote attackers to read arbitrary files ou

CVE-2026-49956 HIGH
7.1 Jun 09

Cross-profile data disclosure in Hermes WebUI before 0.51.269 allows authenticated users to read session titles and tran

CVE-2026-55198 HIGH
7.1 Jun 17

Cross-profile session data exfiltration in Hermes WebUI before 0.51.443 lets any authenticated user retrieve session tra

CVE-2026-55197 HIGH
7.1 Jun 17

Cross-profile session disclosure in Hermes WebUI before 0.51.443 lets any authenticated user retrieve conversation trans

CVE-2026-49955 MEDIUM
6.9 Jun 09

Resource exhaustion in Hermes WebUI before v0.51.270 allows unauthenticated remote attackers to degrade service availabi

CVE-2026-55205 MEDIUM
6.9 Jun 18

Resource exhaustion in Hermes WebUI before 0.51.468 exposes an unauthenticated POST /api/onboarding/oauth/start endpoint

CVE-2026-58174 MEDIUM
6.0 Jun 30

Cross-profile workspace isolation bypass in Hermes WebUI before 0.51.521 allows an authenticated low-privilege user oper

Share

CVE-2026-58122 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy