Severity by source
CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Network-accessible web endpoint with low complexity; PR:L because authentication is required; C:H from cross-profile file read; no integrity or availability impact applies.
Primary rating from Vendor (VulnCheck).
CVSS VectorVendor: VulnCheck
CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Lifecycle Timeline
2DescriptionCVE.org
Hermes WebUI before 0.51.521 validates the workspace of an imported session under the active named profile but constructs the Session object without setting its profile in the /api/session/import handler, so the imported session is persisted with a null profile. Because a null profile is treated as the default profile by the profile authorization check, a user on the default profile can export the imported session transcript and use its session identifier to read files from the named profile's workspace, defeating the application's profile isolation.
AnalysisAI
Cross-profile workspace isolation bypass in Hermes WebUI before 0.51.521 allows an authenticated low-privilege user operating under the default profile to read files scoped to other named profiles' workspaces. The /api/session/import handler validates the workspace against the active named profile but omits setting the profile field on the constructed Session object, persisting it with a null profile value. …
Unlock full vulnerability intelligence
- Risk assessment & exploitation conditions
- Attack chain visualization
- Remediation with exact patch versions
- Threat intelligence from 22 sources
- Personal watchlist & email alerts
Free forever · No credit card required
Attack ChainAIDerived
Hypothetical attack flow derived from CVE metadata
Vulnerability AssessmentAI
| Exploitation | Exploitation requires an authenticated user account operating under the default (unnamed) profile in Hermes WebUI - the CVSS PR:L metric confirms authentication is mandatory and there is no unauthenticated attack path. … Additional conditions and limiting factors are described in the full assessment. |
| Risk Assessment | The NVD-assigned CVSS 6.5 vector (AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N) is consistent with the described mechanism: the attack is network-accessible, low complexity, and requires only a low-privilege authenticated session, while the confidentiality impact is high due to cross-profile file read capability. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in. |
| Exploit Scenario | An authenticated attacker holding a default-profile account sends a crafted request to /api/session/import, importing a session that was originally scoped to a named profile's workspace. Because the server stores the resulting Session object with a null profile, the attacker's default-profile authorization check passes when they retrieve the session transcript. … |
| Remediation | Upgrade Hermes WebUI to version 0.51.521 or later, which is confirmed as the vendor-released fix per the GitHub release at https://github.com/nesquena/hermes-webui/releases/tag/v0.51.521. … Detailed patch versions, workarounds, and compensating controls in full report. |
Threat intelligence, references, and detailed analysis are available after sign-in.
More in Hermes Webui
View allUnauthenticated remote code execution in Hermes WebUI before version 0.51.788 lets remote attackers run arbitrary shell
Authentication bypass in Hermes WebUI before 0.51.307 lets unauthenticated remote attackers reach onboarding endpoints t
Authentication bypass in Hermes WebUI before 0.51.409 allows unauthenticated remote attackers to register the first pass
Unauthenticated initial-setup hijack in Hermes WebUI before 0.51.358 allows any remote attacker who can reach the settin
Cross-profile authorization bypass in Hermes WebUI before 0.51.368 allows authenticated users to access sessions, files,
Hermes WebUI contains an arbitrary file deletion vulnerability in the /api/session/delete endpoint that allows authentic
Information disclosure in Hermes WebUI before v0.51.221 allows authenticated remote attackers to read arbitrary files ou
Cross-profile data disclosure in Hermes WebUI before 0.51.269 allows authenticated users to read session titles and tran
Cross-profile session data exfiltration in Hermes WebUI before 0.51.443 lets any authenticated user retrieve session tra
Cross-profile session disclosure in Hermes WebUI before 0.51.443 lets any authenticated user retrieve conversation trans
Resource exhaustion in Hermes WebUI before v0.51.270 allows unauthenticated remote attackers to degrade service availabi
Resource exhaustion in Hermes WebUI before 0.51.468 exposes an unauthenticated POST /api/onboarding/oauth/start endpoint
Same technique Information Disclosure
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-40355
GHSA-8j74-6fjm-pjr7